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protected by copyright. No part may be reproduced, transmitted, transcribed, stored in a 
retrieval system, or translated into any language without written permission from the 
copyright holders. 

The following trademarks are used in this document: 

• Microsoft is a registered trademark of Microsoft Corp. 

• Windows, Windows 95, 98, Me, NT, 2000, XP, Vista and Explorer are 
trademarks of Microsoft Corp. 

• Apple and Mac OS are registered trademarks of Apple Inc. 

• Other products may be trademarks or registered trademarks of their respective 
manufacturers. 


Safety Instructions and Approval 


Safety 

Instructions 


Warranty 


Be a Registered 
Owner 

Firmware & Tools 
Updates 


• Read the installation guide thoroughly before you set up the router. 

• The router is a complicated electronic unit that may be repaired only be 
authorized and qualified personnel. Do not try to open or repair the router 
yourself. 

• Do not place the router in a damp or humid place, e.g. a bathroom. 

• The router should be used in a sheltered area, within a temperature range of +5 to 
+40 Celsius. 

• Do not expose the router to direct sunlight or other heat sources. The housing and 
electronic components may be damaged by direct sunlight or heat sources. 

• Do not deploy the cable for LAN connection outdoor to prevent electronic shock 
hazards. 

• Keep the package out of reach of children. 

• When you want to dispose of the router, please follow local regulations on 
conservation of the environment. 

We warrant to the original end user (purchaser) that the router will be free from any 
defects in workmanship or materials for a period of two (2) years from the date of 
purchase from the dealer. Please keep your purchase receipt in a safe place as it serves 
as proof of date of purchase. During the warranty period, and upon proof of purchase, 
should the product have indications of failure due to faulty workmanship and/or 
materials, we will, at our discretion, repair or replace the defective products or 
components, without charge for either parts or labor, to whatever extent we deem 
necessary tore-store the product to proper operating condition. Any replacement will 
consist of a new or re-manufactured functionally equivalent product of equal value, and 
will be offered solely at our discretion. This warranty will not apply if the product is 
modified, misused, tampered with, damaged by an act of God, or subjected to abnormal 
working conditions. The warranty does not cover the bundled or licensed software of 
other vendors. Defects which do not significantly affect the usability of the product will 
not be covered by the warranty. We reserve the right to revise the manual and online 
documentation and to make changes from time to time in the contents hereof without 
obligation to notify any person of such revision or changes. 

Web registration is preferred. You can register your Vigor router via 
http ://www. draytek. com. 

Due to the continuous evolution of DrayTek technology, all routers will be regularly 
upgraded. Please consult the DrayTek web site for more information on newest 
firmware, tools and documents. 

http ://www.draytek.com 
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European Community Declarations 

Manufacturer: DrayTek Corp. 

Address: No. 26, Fu Shing Road, HuKou Township, HsinChu Industrial Park, Hsin-Chu County, Taiwan 

303 

Product: Vigor2960 

DrayTek Corp. declares that Vigor2960 of routers are in compliance with the following essential requirements 
and other relevant provisions of EC, Directive 2004/108/EC. 

The product conforms to the requirements of Electro-Magnetic Compatibility (EMC) Directive 2004/108/EC by 
complying with the requirements set forth in EN55022/Class A and EN55024/Class A. 

The product conforms to the requirements of Low Voltage (LVD) Directive 2006/95/EC by complying with the 
requirements set forth in EN60950-1. 

Regulatory Information 

Federal Communication Commission Interference Statement 

This equipment has been tested and found to comply with the limits for a Class A digital device, pursuant to Part 
15 of the FCC Rules. These limits are designed to provide reasonable protection against harmful interference in a 
residential installation. This equipment generates, uses and can radiate radio frequency energy and, if not installed 
and used in accordance with the instructions, may cause harmful interference to radio communications. However, 
there is no guarantee that interference will not occur in a particular installation. If this equipment does cause 
harmful interference to radio or television reception, which can be determined by turning the equipment off and 
on, the user is encouraged to try to correct the interference by one of the following measures: 

• Reorient or relocate the receiving antenna. 

• Increase the separation between the equipment and receiver. 

• Connect the equipment into an outlet on a circuit different from that to which the receiver is connected. 

• Consult the dealer or an experienced radio/TV technician for help. 

This device complies with Part 15 of the FCC Rules. Operation is subject to the following two conditions: 

(1) This device may not cause harmful interference, and 

(2) This device may accept any interference received, including interference that may cause undesired operation. 


Please visit http://www.draytek.com/user/AboutRegulatory.php. 
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Chapter 1: Preface 


The Vigor2960 Series integrates a rich suite of functions, including NAT, firewall, VPN, 
load balance, and bandwidth management capability. These products are very suitable for 
providing multi-integrated solutions to SME markets. 

A Virtual Private Network (VPN) is an extension of a private network that encompasses 
links across shared or public networks like an Intranet. A VPN enables you to send data 
between two computers across a shared public Internet network in a manner that emulates 
the properties of a point-to-point private link. The DrayTek Vigor2960 Series VPN router 
supports Internet-industry standards technology to provide customers with open, 
interoperable VPN solutions such as X.509, DHCP over Internet Protocol Security (IPSec) 
up to 500 tunnels, and Point-to-Point Tunneling Protocol (PPTP). 

1.1 Web Configuration Buttons Explanation 

Several main buttons appeared on the web pages are defined as the following: 

H Apply Save and apply current settings. 


8 Cancel Cancel current settings and recover to the previous saved settings, or 


discard the settings configured in the page. 
Next Go to next page. 


Previous Return to the previous page. 


H finish Complete the setting configuration. 


Note: For the other buttons shown on the web pages, please refer to Chapter 4 for detailed 
explanation. 


1.2 LED Indicators and Connectors 

Before you use the Vigor router, please get acquainted with the LED indicators and 
connectors first. The displays of LED indicators and connectors for the routers are different 
slightly. 
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Description for LED 



1 LED 

Status 

Explanation 1 

ACT (Activity) 

Blinking 

The router is powered on and running 
normally. 


Off 

The router is powered off. 

CSM 

On 

The profile(s) of CSM (Content Security 
Management) for IM/P2P, URL/Web Content 
Filter application can be enabled from 

Firewall »General Setup. (Such profile 
must be established under CSM menu). 

VPN 

On 

The VPN tunnel is active. 


Off 

No VPN tunnel is active. 

DoS 

On 

The DoS/DDoS function is active. 


Blinking 

It will blink while deleting an attack. 

WAN 1/2 

On 

The WAN 1 or WAN2 connection is ready. 


Blinking 

It will blink while transmitting data. 

QoS 

On 

The QoS function is active. 


Off 

The QoS function is disabled. 

USB 1/2 

On 

The USB device is connected and ready for 
use. 


Blinking 

The data is transmitting. 


LED on Connector 


GigaWAN 1/2 

Left LED 
(Green) 

On 

The port is connected. 

Off 

The port is disconnected. 

Blinking 

The data is transmitting. 

Right LED 
(Green) 

On 

The port is connected with 1000Mbps. 

Off 

The port is connected with 10/100Mbps. 

GigaLAN 

1/2/3/4 

Left LED 
(Green) 

On 

The port is connected. 

Off 

The port is disconnected. 

Blinking 

The data is transmitting. 

Right LED 
(Green) 

On 

The port is connected with 1000Mbps. 

Off 

The port is connected with 10/100Mbps. 
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Connectors 




\ Interface 

Description I 

Factory Reset 

Restore the default settings. Usage: Turn on the router (ACT LED is 
blinking). Press the hole and keep for more than 5 seconds. When you 
see the ACT LED begins to blink rapidly than usual, release the button. 
Then the router will restart with the factory default configuration. 

GigaWAN 1/2 

Connecters for remote networked devices. 

GigaLAN 1/2/3/4 

Connecters for local networked devices. 

USB 1/2 

Connecter for Mobile HDD, 3G Modem or printer. 

H9 

Connecter for a power cord. 

ON/OFF - Power switch. 
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1.3 Hardware Installation 

1.3.1 Network Connection 

Before starting to configure the router, you have to connect your devices correctly. 

1. Connect one end of an Ethernet cable (RJ-45) to one of the LAN ports of Vigor2960s. 

2. Connect the other end of the cable (RJ-45) to the Ethernet port on your computer (that 
device also can connect to other computers to form a small area network). The LAN 
LED for that port on the front panel will light up. 

3. Connect the cable Modem/DSL Modem/Media Converter to any WAN port of router 
with Ethernet cable (RJ-45). 

4. Connect the power cord to Vigor2960’s power port on the rear panel, and the other side 
into a wall outlet. 

5. Power on the device by pressing down the power switch on the rear panel. The PWR 
LED should be ON. 

6. The system starts to initiate. After completing the system test, the ACT LED will light 
up and start blinking. 

Below shows an outline of the hardware installation for your reference. 
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1.3.2 Wall-Mounted Installation 


The Vigor2960 Series can be mounted on the wall by using standard brackets shown below. 

* *j * 

Choose a flat surface (on the wall) which is suitable for placing the router. Make the screw 
holes on the short side of the bracket aim at the screw holes on the router. Next, fasten both 
the bracket and the router with two screws; and fasten both the wall and the bracket with 
another two screws. Refer to the following figure. 



Then, continue to fasten the screws on the other side of the router and the wall with other 
screws. 

When you finished about procedure, the router has been mounted on the wall firmly. 
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Chapter 2: Initial Configuration 


For use the router properly, it is necessary for you to change the password of web 
configuration for security and adjust primary basic settings. 

This chapter explains how to setup a password for an administrator and how to adjust basic 
settings for accessing Internet successfully. Be aware that only the administrator can change 
the router configuration. 


2.1 Changing Password 

To change the password for this device, you have to access into the web browse with default 
password first. 

1. Make sure your computer connects to the router correctly. 

9 


2. Open a web browser on your PC and type http://192.168.1.1. A pop-up window will 
open to ask for username and password. Please type default values on the window for 
the first time accessing. The default value for user name is admin and the password is 
admin. Next, click Login. 


Notice: You may either simply set up your computer to get IP 
dynamically from the router or set up the IP address of the computer to be 
the same subnet as the default IP address of Vigor router 192.168.1.1, 
For the detailed information, please refer to the later section - Trouble 
Shooting of this guide. 
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User : 
Password 


admin 


***** 


English 


Login 
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3. 


Now, the Main Screen will pop up. 



4. Go to System Maintenance page and choose Administrator Password. 



5. Enter the login password (admin, in default) on the field of Original Password. Type a 
new one in the field of New Password and retype it on the field of Confirm Password. 
Then click Apply to continue. 

6. Now, the password has been changed. Next time, use the new password to access the 
Web Configurator for this router. 


DrayTek 


Vigor2960 Series User’s Guide 


















































2.2 Quick Start Wizard 

Quick Start Wizard is a wizard which is designed for configuring your router accessing 
Internet with simply steps. In the Quick Start Wizard group, you can configure the router to 
access the Internet with different modes such as Static, DHCP, PPPoE, or PPTP modes. 

For most users, Internet access is the primary application. The router supports the Ethernet 
WAN interface for Internet access. 

Click Quick Start Wizard from the home page. Quick Start Wizard will guide the user to 
establish LAN interface profile, WAN interface profile and select proper protocol for 
connection. The following will explain in more detail for the various broadband access 
configurations. 


2.2.1 Step 1 - Specifying the WAN Profile 

In the first page of Quick Start Wizard, please choose a WAN profile and specify IPv4 
protocol. 


Quick Start Wizard 



Available parameters are listed as follows: 


Item 


Description 


Profile 


Use the drop down list to choose one of the WAN profiles 
for modifying. 


wanl 

V 

wanl 

wan2 



IPv4 Protocol 


Use the drop down list to choose the type for the IPv4 
protocol for such profile. 


Static 

Static 


DHCP 

PPPoE 

PPTP 
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When you finish the above settings, please click Next to go to next page. 


2.2.2 Step 2 - Configuring the Selected Protocol 


This page will be changed according to the IPv4 Protocol Type selected on last page. 


Quick Start Wizard 


Step 


Step 2 


IPAddress: 0 0 0 


Subnet P«1ask : 

255.255.255.0 v 



Gateway IPAddress : 




llj Add H Save 


DNS Server IP Address 


If Static is selected 

If Static is selected, the following screen will appear. You can manually assign a static IP 
address to the WAN interface and complete the configuration by applying the settings and 
rebooting your router. Please type in values for Static IP address, Static Mask, Static 
Gateway and Static DNS specified by your ISP, and then click Next. 



Available parameters are listed as follows: 


Item 

Description 

IP Address 

Type a public IP address for such WAN profile. 

Subnet Mask 

Choose the static mask from the drop down list. 
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Gateway IP Address 


Type a public gateway address for such WAN profile. 


DNS Server IP 
Address 


J m - click it to remove the IP address if you are not satisfied 
with it. 

Add - Click this button to display the IP address field for 
adding a new IP address. Type the IP address on the tiny boxes 
one by one. 



Add H Save 

DNS Server IP Address 

DNS Server IP Address : 

1“ .95 . [j "if |J) 


Save - After finished the IP address configuration, click Save 
to save the setting onto the router. 


Add H Save 

DN S Server IP Address 


ms.95.1.1 

KD 



Previous 

Finish 

Cancel 


^ - Click the icon to remove the selected entry. 
Click it to return to previous setting page. 

Click it to finish the configuration. 

Click it to discard the settings configured in this page. 


When you finished the above settings, please click Finish. 


Vigor2960 Series User’s Guide 


11 


DrayTek 















If DHCP is selected 


DHCP allows a user to obtain an IP address automatically from a DHCP server on the 
Internet. If you choose DHCP mode, the DHCP server of your ISP will assign a dynamic IP 
address for Vigor2960 automatically. It is not necessary for you to assign any setting. (Host 
Name is required for some ISPs). 



Available parameters are listed as follows: 


Item 

Description 

Host Name (Optional) 

Type a name as the host name for identification. 

Previous 

Click it to return to previous setting page. 

Finish 

Click it to finish the configuration. 

Cancel 

Click it to discard the settings configured in this page. 


When you finished the above settings, please click Finish. 


If PPPoE is selected 

PPPoE stands for Point-to-Point Protocol over Ethernet. It relies on two widely accepted 
standards: PPP and Ethernet. It connects users through an Ethernet to the Internet with a 
common broadband medium, such as a single DSL line, wireless device or cable modem. All 
the users over the Ethernet can share a common connection. 

PPPoE is used for most of DSL modem users. All local users can share one PPPoE 
connection for accessing the Internet. Your service provider will provide you information 
about user name, password, and authentication mode. 

If your ISP provides you the PPPoE (Point-to-Point Protocol over Ethernet) connection, 
please select PPPoE for this router to get the following page. Enter the username and 
password provided by your ISP on the web page. 
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Item 

Description 

Username 

Type in the username provided by ISP in this field. 

Password 

Type in the password provided by ISP in this field. 

Previous 

Click it to return to previous setting page. 

Finish 

Click it to finish the configuration. 

Cancel 

Click it to discard the settings configured in this page. 


When you finished the above settings, please click Finish. 
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If PPTP is selected 

This mode lets user get the IP group information by a DSL modem with PPTP service from 
ISP. Your service provider will give you user name, password, and authentication mode for a 
PPTP setting. Click PPTP as the protocol. Type in all the information that your ISP provides 



for this protocol. 

If your ISP offers you PPTP (Point-to-Point Tunneling Protocol) mode, please select PPTP 
for this router. Next, enter the settings provided by your ISP on the web page. 


Available parameters are listed as follows: 


Item 


Description 


PPTP Over 


Usually ISP dynamically assigns IP address to you each time 
you connect to it and request. In some case, your ISP provides 
service to always assign you the same IP address whenever you 
request. In this case, you can fill in this IP address in the Fixed 
IP field. Please contact your ISP before you want to use this 
function. 


Static 


Static 

DHCP 


Static - specify the IP address. 

DHCP - obtain the IP address automatically. 
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Quick Start Wizard 

Step 2 


PPTP Over : 
Server Address : 
Username : 
Password : 



Server Address 
Username 
Password 
Previous 


IP Address 
Subnet Mask 
Gateway IP Address 




Type a remote IP address of PPTP server. 

Type in the username provided by ISP in this field. 
Type in the password provided by ISP in this field. 
Click it to return to previous setting page. 

Type a public IP address for such WAN profile. 
Choose the static mask from the drop down list. 

Type a public gateway address for such WAN profile. 


DNS Server IP 
Address 


- click it to remove the IP address if you are not satisfied 
with it. 

To add a new IP address, simply place the mouse cursor on this 
filed. The following dialog will appear. 


DNS Server IP Address : 


Add 

H Save 


DNS Server IP Address 

168 

95 1 l| 

ffi 


Add - Click this button to display the IP address field for 
adding a new IP address. 

Save - After finished the IP address configuration, click Save to 
save the setting onto the router. 



Previous 

Finish 

Cancel 


Click the icon to remove the selected entry. 
Click it to return to previous setting page. 

Click it to finish the configuration. 

Click it to discard the settings configured in this page. 
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When you finished the above settings, please click Finish. Later, you can surf the Internet at 
any time. 


Quick Start Wizard 


Step 2 


Host Name : 


vigor2360 


[Optional} 




% Previous 


■1 Finish Q Cancel 



When the following screen appears, it means you have finished the Quick Start Wizard 
configuration. 


Note X 
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2.3 Register Vigor Router 

Please follow the steps below to register the router. 

1 Before using such function, please register your router online first. Log into the web 
configurator of Vigor2960 and click Product Registration. 

Reboot System 
Firmware Upgrade 


Diagnostics 


External Devices 


Product Registration 


2 A Login page will be shown on the screen. Please type the account and password that 
you created previously. And click Login. 


Please take a moment to register. 

Membership Registration entitles you to upgrade firmware for your 
purchased product and receive news about upcoming products and 
services! 


LOGIN 


UserName : 

Password : 

Auth Code : 

If you cannot read the wor d.click here 
Forgotten password Jj Login ] 


( xx 


james fae 


txxhdd| 



Don't have a My Vigor Account ? Create an account now 

Become the MyVigor member, you can receive the e-newsietter update. 
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The following page will be displayed after you logging in MyVigor. From this page, 
please click Add. 
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H Home 


D About Us 

0 Product 

0 My Information 

C VigorACS SI 

'p Vigor Series 

O Management 

Product 

Registration 

-i Customer Survey 



My Information 


Weicome,james_fae 
Last Login Time : 2011-08-24 09:39:13 
Last Login From : 123.110.144.220 
Current Login Time : 2011-08-24 23:01:15 
Current Login From : 114.37.142.184 

RowNo 

Your Device List 


PageNo : 1 


Add 


Serial Number / 
Host ID 

Device Name 

Model 

Note 

104081783857 

Vigor2710 

Vigor2710 

- 

200807100001 

VigorPro5300 

VigorPro5300 

- 

200911030001 

rvan 

ViaorPro5300 

- 


Note: Below the field of Your Device List, all the Vigor routers that you have 
registered to MyVigor website will be displayed in sequence. 


4 When the following page appears, please type in Nick Name (for the router) and choose 
the right registration date from the popup calendar (it appears when you click on the 
box of Registration Date). After adding the basic information for the router, please click 

Submit. 
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yVigon 

Q Home 

A 


H Search 1 GO 

■ 

D About Us 

IW> Product 

Search lor this site l 

C3 Product 





Registration Devise 



xf My Information 




C VigorACS SI 

Serial number I 

animzatdaaoa&i _ 


'■Vigor Series 

Nickname :* 

vigor2960 


O Management 

Registration Date ; * 

08 24 2011 


* Product 

Usage: 

-Select- v 


Registration 




■A Custumer Survey 

Pruduut Rating : 

- Select— _ v ( Yoyr opinion so for f 


Nu. at Employees : 

- Select - v | In total within your company | 


Supplier : 

[Where you bought it Irom | 


Date ol Purchase : 

[ mnvdd-yyyy ] 


Internet Con neolion: 

* 



□ Cable 

□ ADSL 

□ VDSL 

□ Fiber 

□ 3G 

Cl WiMAX 

□ ITE 



Cancel | 


Submit | 
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5 Now, your router information has been added to the database. Click OK to leave this 
web page and return to My Information web page. 


Your device has been successfully added to the database. 


OK 


6 Take a look at the page of My Information, the new added Vigor2960 is listed under 

Your Device List. 


DrayTek 

A 



AdyV/gor 

\ n Home 

~Z1 



ISearoh I CO | 

0 Aboul Us 

0 Product 

"J 1 My Inlormatian 

C VigarACS SI 

Vigor Series 

My information 



■ 

Wrlromr.riraytckiflf 

Last Login Time : 2011 OB 24 091391 3 

Last Login From 1 1 23. 1 1 U.\44.?2Q 

Current Login Time 1 201 1 -08-24 23:01 !l 5 

Current Login From : 114.37.1 A'l. 1 EM 

Your Device Lisl 

RuwNe: 5 v 

PayeNo ; ? v 

$ Management 
j Cuslomt r Survey 





1 Serial Number i Has! 10 

Device Name 

Model 

Nule 


Vigor3300V 

Vigor33Q0 

■ 


20100708105301 

Vigor2U2U 

VigurZEl 2U 

- 


mmnmimmi 

Vigaf271 Ovn 

Viyur2710 

- 


2010121707335201 

Vjgor2920 

Vigor 29 20 



2UH0U2214j2U3Ul vigar2%0 Vigor2960 
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Chapter 3: Application and 
T utorial 


3.1 How to Build SSL VPN with RDP Service in the Browser via 
Logging in Router's HTTPS Server? 

Remote Desktop Protocol (RDP) is a protocol designed for secure communications in 
networks using Microsoft Terminal Services. An easy way is provided to establish 
connection between the router and the RDP Server via any browser. 

Vigor2960 


114.44.53.194 

192.168.2.1/24 

11 RDP Server 

| IP: 192.168.2.10/24 
Gateway: 192.168.2.1 




1. Open the web configurator of Vigor2960. 

2. Enable the HTTPS service from System Maintenance » Access Control by clicking 
Enable for HTTPS Allow and type 443 as the value of HTTPS Port. 
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3 . 


Open SSL VPN » SSL Application and click the RDP tab to create a profile named 
“Win7”. Type IP address, Port number, and Screen Size based on the actual RDP server 
information, then click Apply to save the settings. 



Auto Logout 


External Devices 


Vigor2960 Series 11:38:09 Login: Admin 


SSL VPN » SSL Application » RDP 
VNC RDP 



4. Open User Management» User Profile to create a new profile named “7788”. Set 
the Password as 7788 and choose the profile of Win7 as SSL Application (RDP). 
Click Apply. 


^rayTek^^ 

User Profile 

— 



■ 

X 

Login: Admin (5^ 








L) L (xft. 1 5Mjn - v 

Username : 

7788 






13 Enable This Profile 






Quick Start Wizard 

—1 





Profile Number Limit: 200 

Online Status 


Password : 

.... 






Idle Timeout (sec) : 

300 




from Static IP Addre Use mOTP 



Usage Time (min): 

480 




Disable 



System User : 

false | v | 







Group : 

t_H 







PPTP : 

O Enable ® Disable 





General Setup 

£ 

L2TP : 

O Enable ® Disable 





j User Profile 


DHCP from : 

jlanl M 





User Group 


Static IP Address : 


m 

(Optional) 



RADIUS 


O Enable ® Disable 



LDAP / Active Directory 


Use mOTP: 







mOTP PIN Code : 

1 1 







mOTP Secret: 

















H Apply 

Cancel 

1 



tj 

- 1 


5. Logout Vigor2960. 

6. Login Vigor2960 HTTPS Server with 7788 for both Username and Password. 
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7. A screen like the following figure will appear. Simply click the SSL Application link. 


DrayTek 


F^IWolf'd S5L.WK 


INFO 


** 77013 , 

(1 

chfr 

CrayTak SSLVPNi 


TTRfeHiilaAw imiiwjles 



Mai'-i Page: 


vgu have successful^ logged ini 

M gr.inftod (H« fgllgwing enYltoflfrS: 

■ sawrfr eh 

"■ '-* »L AmmcefleS 

* 


£ !ufl9.u! ) 


CGO?right G £006, OrayTek Cgrp. All Rights Reserved ■ 


8. In the following screen, click Connect for connecting to Win7, the RDP server. 

DrayTek 
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INFO 

"SSL AfifJiCtftltifl 

- Click "Cannect 1 to 
establish an SSL 
ApplKatwo! 


fctU 

Us# SSLApplitaiWtl: 


AIIIIIII ■ariini 


RDP 


* Yfm7 l9£.16S.2.10:aSgg P fUbf»en 


I taJi) 


rsme-Dut a'te-i Snmr*tfte* 

j pja^iit TiiftdqQt l 
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9 . 


After that, you can access into Windows 7 via a browser. Note the message below the 
window. In which, TLS means Transport Layer Security. 


YigPJ SSL ?PW - RDF Application - Gnofile Cformne 




Java ♦ 

»»* 


Nor? If you are using Sun JKE € .0 or newer versions. Please go to the Java 
Control Panel a-ict disable TLS 1 C 1 in Advanced ^Security option 


iri 

k 



n □ 

Jfllwiivrjij+ror 






<. Windows' 7 mew 

ft 
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Troubleshooting 

If you have installed Java Runtime Environment edition 6 but still cannot establish the 
connection, please make sure you have disabled “Use TLS 1.0” in the Java Control Panel 
as figure shown below. Then, try to connect again. 
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3.2 How to Configure OSPF? 

OSPF (Open Shortest Path First) uses the algorithm of SPF (Shortest Path First) to calculate 
the route metric. It is suitable for large network and complicated data exchange. Both 
Vigor2960 and Vigor3900 support up to OSPF version 2(only for IPv4). 

The autonomous system (AS) used in OSPF indicates the largest entity and can be divided 
into several areas. Usually, Area 0 will be used as OSPF backbone which distributing the 
routing information among areas. 

When you need faster convergence than distance vector, want to support much larger 
networks or want to have less susceptible to bad routing information, you can enable OSPF 
feature to fit your request. Note that both routers must support OSPF function at the same 
time to build the OSPF connection. 

In the following example, a PC can go 192.168.2.0/24 and 192.168.4.0/24 without setting 
any Static Route. Refer to the OSPF topology diagram listed below. 


Area 11 

Vigor3900 A 



IP: 192.16B.1.10/24 ... „ 

Gateway: 192.168.1.1 Vigor39G0 B 



Vigor2960 


192.168.3.3/24 



OSPF can place each router (e.g., Vigor3900A, Vigor3900B and Vigor2960 shown above) at 
the root of a tree and calculate the shortest path to each destination according to the 
cumulative cost to reach the destination. 

Each router has its own view of the topology and calculates its own SPF tree, even though all 
the routers build a shortest-path tree using the same link-state database. 
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Configuration for Vigor3900 A, 


1. Open LAN » General Setup to create a LAN (192.168.1.1/24) profile named lanl 
with the settings shown below. 


DrayTek . 


AufrLwii: off 

■I... >. '■■l.'ul /.'l .'.II ■ I 

(>i*m si .a ik. 


V KC'iriaii) 

M-flk R-mA* 
Srtffdt 

SAnl IF te M AC 

kj : ' ct.iirinriFfJii.il 

LkSOT Cortk] 


Pi'Sffle: om 

Civililf IJh-v PiotHe 
hfd^tkwi 

VI AH®: IQ 

twndihuc fltWfiM -5; Bum OWf.** 


Protocol 

Hole 

Sriluwi Ua^h. 

04 *w-iy ® fl4ilr«s 


ElaUc 

NAT 


25i25S.255.G 


Add £?| Eii* 


SPiolocijI 
jfife-LMH 

Jnfe-LMal 


Subnei M-iSh 
Ha. Il9mil»s.li <m. 


t3 1 3 CSHlffll 


2. Next, continue to create a LAN (192.168.3.1/24) profile named lan2 with the settings 
shown below. 


Dray 


Tel 


ilirit'l .Mjoi.il 02 

OcKk St.iinAflj.ird 
Orfciu StJUIS 


ip KomuHi 

il.dcfimdt 

Swtch 

QnMli>lnUA< 

RJPCMArPHMk 


f'li.ifc: ian2 

'■y ln.itle This ft oHo 
Dua^lkn 

VLAN®: 11 

(feta# MAC tffriuMf QpfijlJlfl- 

MAC fckt«&f : few I; |*» I! ; frt I: 


tf*v4 Pi otoc N 
Mo do 
iPAdAtiS 

Siimot U.ml: 
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ilatn 

NAT 


;£j Add t3 
" 1B 


Subnet Maw. 
Ha items-» show 


ftntncol 
Jfik- Local 
jnk- Loral 


H 4wW © Camel 

JiL 


3. Open LAN » Static Route Setup and click the Inter-LAN Route tab to enable this 
profile. 


Auto Logout: Off v 

Quick Start Wizard 


Online Status 

WAN 

LAN 


Geneial Setup 

IP Routing 

Static Route 

Switch 

Bind IP to MAC 


DID /'ni.fi.n» ltinti 


Static Route IPv6 Static Route liitei -LAN Route 

[y Enable This Piofile 


Vigor2960 Series User’s Guide 


27 


DrayTek 


























































4. Open LAN » OSPF Configuration to enable this profile. Click Add to make the LAN 
Profiles lan2 area setting as 11 and lanl area as 11. (As shown in the topology diagram.) 



LAN » OSPF Configui.ition 

Auto Logout Off 



OSPF Configuration 




Quick Start Wiz.ii <1 

M 

[y Enable This Pr 

ofile 

Online Stotus 

WAN 


& Add 

LAN 




Geneial Setup 




LAN Piofile 

Aiea 

IP Routing 




Ian2 

11 

Static Route 



Piofile 

lanl 

11 

Switch 






Bind IP to MAC 






RIP Configuration 






OSPF Configuration 







Configuration for Vigor3900 B, 

1. Open LAN » General Setup to create a LAN (192.168.2.1/24) profile named lanl 
with the settings shown below. 



2. Next, continue to create a LAN (192.168.3.2/24) profile named lan2 with the settings 
shown below. 
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3. Open LAN » Static Route Setup and click the Inter-LAN Route tab to enable this 
profile. 


Static Route IPv6 Static Route Inter-LAN Route 


[? Enable This Piofile 


WAN 

LAN 


Genet al Setup 
IP Routing 



DID C/tinfiitiii .utisiii 


Auto Logout Off 

v 


Ouick st.ii t Wizard 


0 

Online Status 




4. Open LAN » OSPF Configuration to enable this profile. Click Add to make the LAN 
Profiles lan2 area setting as 11 and lanl area as 11. (As shown in the topology diagram.) 



LAN » OSPF CoiifKjiiiotion 
OSPF Coiifi<jiii.itioii 

g)Enable This Piofile 


& Add 


LAN Piofile 

Aiea 


Ian2 

11 

rib 

lanl 

11 

QD 


Configuration for Vigor2960, 

1. Open LAN » General Setup to create a LAN (192.168.4.1/24) profile named lanl 
with the settings shown below. 
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2. Next, continue to create a LAN (192.168.3.3/24) profile named lan2 with the settings 
shown below. 


4. 


DrayTek 



Open LAN » Static Route Setup and click the Inter-LAN Route tab to enable this 
profile. 


Auto Logout: Off 


Quick Start Wizard 


Online Status 


fl 



General Setup 


IP Routing 


Static Route 


Switch 


Bind IP to MAC 


DID J'/LlrfiilMI .Ytioii 


Static Route IPv6 Static Route Inter-LAN Route 

[y: Enable This Profile 


Open LAN » OSPF Configuration to enable this profile. Click Add to make the LAN 
Profiles lan2 area setting as 11 and lanl area as 11. (As shown in the topology diagram.) 


Auto Logout : Off v 



LAN >> OSPF Configuration 
OSPF Configuration 


0 Enable This Profile 


Profile: 


Q Add 

LAN Piofile 

Area 


Ian2 

11 

mi l 

lanl 

11 
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5. After setting, check the routing information (marked with red line) which is created by 
OSPF. 

Routing information for Vigor3900 A 

Diagnostics » Routing Table » Routing Table 


Routing Table IPv6 Routing Table 



Refresh 

Destination 

Gateway 

Genmask 

Flags 

Metric 

(face 

; 192.168.4.0 

192.168.3.3 

255.255 255.0 

m 

20 

Ian-lan2 

192.1 66.3.0 

0 . 0 . 0.0 

255.255,255.0 

u 

0 

Ian-lan2 

1192.168.2.0 

192.168.3.2 

255.255 255.0 

ug 

20 

Ian* Ian 2 

192.168.1.0 

O.O.Q.O 

255.255.255.0 

u 

0 

Ian-Ian 1 


Routing information for Vigor3900 B 


Diagnostics » Routing Table » Routing Table 



Routing information for Vigor2960 


Diagnostics » Routing Table » Routing Table 


Routing Table IPv6 Routing Table 


0 Refresh 

Destination 

Gateway 

Genmask 

Flags 

Metric 

Iface 

192.168.4.0 

0.0.0.0 

255.255.255.0 

U 

0 

lan-lanl 

192.168 3 0 

0.0.0.0 

255.255.255.0 

U 

0 

Ian-lan2 

192.168 2.0 

192.168 3 2 

255.255.255.0 

UG 

20 

lan-lan2 


192 168 1.0 

192.168 3 1 

265.255 255.0 

UG 

20 

Ian-lan2 
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3.3 How to Configure LAN to LAN IPSec Tunnel between 
Vigor2960 and Other Router 

Here provides an example about LAN to LAN IPSec tunnel established between Vigor2960 
and Vigor2710. 


Vigor2710 Vinnr?9fin 



Configuring Vigor2960 

1. Access into the web configurator of Vigor2960 and open VPN and Remote Access » 
LAN to LAN Profiles to add a new VPN configuration. 



Type the Pre-shared key and choose a WAN Profile. Specify Local IP/Subnet Mask 
with 192.168.29.0/24. The Remote Host should be Vigor 2710 ? s WAN IP address; And 
the Remote IP/Subnet Mask should bel92.168.2.0/24. 

2. Click Apply to save the settings and return to previous page. 
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Configuring Vigor2710 

1. In Vigor2710, it is necessary to build two VPN connections (for two WANs) to connect 
with Vigor2960. Please open the web configurator of Vigor2710 and open VPN and 
Remote Access » LAN to LAN. 


1. Common Settings 


Profile Name [2960 

Call Direction 0 Both 

0 Dial-Out 0 Dial-in 

0 Enable this profile 

0 Always on | 



Idle Timeout 

-1 second(s) 

VPN Dial-Out Through WAN1 First 

Netbios Naming Packet ©Pass UBlock 

□ Enable PING to keep alive 

PING to the IP 



Multicast via VPN 0Pass 0 Block 

(for some IGMPjIP-CamerajDHCP Relay.,etc,) 


• First, please type the name of such VPN connection in the field of Profile Name 
(e.g., 2960). 

• Check the box of Enable this profile. 

• Choose Dial-Out as Call Direction and check the box of Always on. 


2. For Dial-Out Settings, please choose IPSec Tunnel and type WAN IP address of 

Vigor2960 in the field of Server IP/Host Name for VPN (e.g., 1.169.162.1). Type the 
same IKE Pre-Shared Key configured in Vigor2960. 


Username 
password 

ppp Authentication 

VJ Compression Qn off 

IKE Authentication Method 
0 Pre-Shared Key 
I IKE Pre-Shared Key 
O Digital Signature(X,509) 

Peer ID 
Local ID 

Alternative Subject Name First 
0 Subject Name First 

IPsec Security Method 

0 Medium(AH) 

® High(ESP) 3DES withoul Authentication v 
| Advanced | 

Index(l-lS) in Sdiednle Setup: 




2. Dtaf-Out Settings 
Type of Server I am calling 

P PPTP _ 

© IPsec Tunnel 
O L2TP with IPsec Policy 


Server IP/Host Name for VPN, 

(such as draytek.com or 123,45.67.89} 



1.169.162.1 

1 
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3. For the role of Vigor2710 is dialing-out, please skip Dial-In setting. Type the Remote 
Network IP and Remote Network Mask of Vigor2960 to complete configuration. 


4. TCP/IP Network Settings 



4. Please check if the VPN connection is built successfully in both devices respectively. 

For Vigor2960, open VPN and Remote Access»IPSec»Status for viewing the 
result. 

VPN Remote Access » Connection Management 
Connection Management 


Profiles: v Connect t+ilPSec OPPTP P Refresh 



VPN 

Type Remote IP Virtual Network 

Up Time 

RXfPackets) TX(Packets) 

Dis 

2710 

IPSec/3DES_No Autt 111.243.176.145 192.16S.2.0/24 

00:01:06 

1 0 

m 


As to Vigor2710, please open VPN and Remote Access»Connection Management 
to confirm the result. 

VPN and Remote Access » Connection Management 


Dial-out Tool 


Refresh Seconds : 10 v | Refresh | 

(2960) 1.169.162.1 ~ vj| Dial | 


VPN Connection Status 


Current Page: 1 Page No. | Go | ED 



n . T n Virtual Tx Tx Rx Rx .. T . 

VPN Type Remote IP ... . v n i * n, * v UpTime 

Network Pkts Rate(Bps) Pkts Rate(Bps) K 

( 2960 ) 3DES-N11 Auth 'vtd WANl"^ 192.168.29.0/24 0 0 0 0 0:10:19 [^] 



xxxxxxxx : Data isn't encrypted, 
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Chapter 4: Advanced 
Configuration 


After finished basic configuration of the router, you can access Internet with ease. For the 
people who want to adjust more setting for suiting his/her request, please refer to this chapter 
for getting detailed information about the advanced configuration of this router. As for other 
examples of application, please refer to chapter 3. 


4.1 WAN 


Quick Start Wizard offers user an easy method to quick setup the connection mode for the 
router. Moreover, if you want to adjust more settings for different WAN modes, please go to 
WAN group and click the General Setup link. 

Basics of Internet Protocol (IP) Network 

IP means Internet Protocol. Every device in an IP-based Network including routers, print 
server, and host PCs, needs an IP address to identify its location on the network. To avoid 
address conflicts, IP addresses are publicly registered with the Network Information Centre 
(NIC). Having a unique IP address is mandatory for those devices participated in the public 
network but not in the private TCP/IP local area networks (LANs), such as host PCs under 
the management of a router since they do not need to be accessed by the public. Hence, the 
NIC has reserved certain addresses that will never be registered publicly. These are known as 
private IP addresses, and are listed in the following ranges: 

From 10.0.0.0 to 10.255.255.255 
From 172.16.0.0 to 172.31.255.255 
From 192.168.0.0 to 192.168.255.255 

What are Public IP Address and Private IP Address 

As the router plays a role to manage and further protect its LAN, it interconnects groups of 
host PCs. Each of them has a private IP address assigned by the built-in DHCP server of the 
Vigor router. The router itself will also use the default private IP address: 192.168.1.1 to 
communicate with the local hosts. Meanwhile, Vigor router will communicate with other 
network devices through a public IP address. When the data flow passing through, the 
Network Address Translation (NAT) function of the router will dedicate to translate 
public/private addresses, and the packets will be delivered to the correct host PC in the local 
area network. Thus, all the host PCs can share a common Internet connection. 

Get Your Public IP Address from ISP 

In ADSL deployment, the PPP (Point to Point)-style authentication and authorization is 
required for bridging customer premises equipment (CPE). Point to Point Protocol over 
Ethernet (PPPoE) connects a network of hosts via an access device to a remote access 
concentrator or aggregation concentrator. This implementation provides users with 
significant ease of use. Meanwhile it provides access control, billing, and type of service 
according to user requirement. 

When a router begins to connect to your ISP, a serial of discovery process will occur to ask 
for a connection. Then a session will be created. Your user ID and password is authenticated 
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via PAP or CHAP with RADIUS authentication system. And your IP address, DNS server, 
and other related information will usually be assigned by your ISP. 



4.1.1 General Setup 

This section will introduce some general settings of Internet and explain the connection 
modes for WAN profiles in details. 

This router supports multi-WAN function. It allows users to access Internet and combine the 
bandwidth of the WAN profiles to speed up the transmission through the network. Each 
WAN port can connect to different ISPs, even if the ISPs use different technology to provide 
telecommunication service (such as DSL, Cable modem, etc.). If any connection problem 
occurred on one of the ISP connections, all the traffic will be guided and switched to the 
normal communication port for proper operation. 



Each item will be explained as follows: 


Each item will be explained as follows: 


Item 

Description 

Edit 

Modify the selected WAN profile. 

To edit a profile, simply select the one you want to modify 
and click the Edit button. The edit window will appear for 
you to modify the corresponding settings for the selected 
rule. 

Refresh 

Renew current web page. 

Profile 

Display the profile name. 

Enable This Profile 

Display the status of the profile. False means disabled; True 
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means enabled. 

Description 

Display a brief explanation for such profile. 

VLAN ID 

Display the VLAN ID of the profile. 

VLAN Tag 

If the data transmitted with tag, Enable will be displayed in 
this field. Otherwise, Disable will be shown instead. 

Port 

Display the physical WAN interface for such profile. 

IPv4 Protocol Type 

Display the IPv4 protocol selected by the profile. 

IPv6 Protocol Type 

Display the IPv6 protocol selected by the profile. 


How to edit the WAN profile 

1. Open WAN»General Setup. Choose WAN1 or WAN2 profile and click the Edit 
button to open the following dialog. Only the tab of the protocol specified in IPv4 
Protocol field will be available for you to modify. If you want to change and specify 
another connection mode for such WAN profile, remember to choose the mode from 
the drop down list of IPv4 Protocol. 


General Setup - X 



Available parameters for global configuration are listed as follows: 


Item 

Description 

Profile 

Type a name for such profile. 

Enable This Profile 

Check this box to enable such profile. 

Description 

Give the brief description for such profile. 

VLAN ID 

Type the VLAN ID number for such profile. 

VLAN Tag 

Enable - Click it to enable the function of VLAN Tag. Data 
transmitted through the router will not be tagged with any 
number. 

Disable - Click it to disable the function of VLAN Tag. 

Data transmitted through the router will be tagged with 
specified number for identification. 
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Port 

Display the physical WAN interface for such profile. 

Default MAC 
Address 

Enable - Click it to enable the default MAC address for 
such profile. 

Disable - Click it to type the MAC address manually for 
such profile. 

MAC Address - Specify the MAC address for such profile if 
you click Disable for Default MAC address. In default, the 
system will determine it automatically. 

Mode 

Determine such profll 

ROUTING 

NAT 

ROUTING 

e v 

V 

/ill be used for NAT or routing. 

IPv4 Protocol Type 

There are four connec 
protocol type. Each m 

None 

None 

Static 

DHCP 

PPPoE 

PPTP 

tio 

odi 

V 

n modes for you to specify for IPv4 
e will bring up different web page. 

IPv6 Protocol Type 

There are four connec 
protocol type. Each m 

Link-Local 

Link-Local 

Static 

DHCP-IA_NA 

DHCP-IA_PD 

tio 

odi 

V 

n modes for you to specify for IPv6 
e will bring up different web page. 

Apply 

Click it to save the configuration and exit the dialog. 

Cancel 

Click it to exit the dialog without saving the configuration. 


Global configuration allows you to enable the profile, give a brief explanation for such 
profile, specify the VLAN ID, specify MAC address, choose IPv4 and IPv6 protocol, 
and specify the mode of the data transmission (NAT or Routing). 
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Different IPv4 and IPv6 protocol types specified will bring up different configuration 
web page. 

• If you choose Static as IPv4 protocol type, click the Static tab to open the following 
page: 



Available parameters are listed as follows: 


Item 

Description 

IP Address 

Type the IP address specified for such profile. 

Subnet Mask 

Use the drop down list to choose the subnet mask for such 
profile. 

Gateway IP 

Address 

Type a public gateway address for such WAN profile. 

- click it to remove the IP address if you are not 
satisfied with it. 

DNS Server IP 
Address 

Add - Click this button to display the IP address field for 
adding a new IP address. Type the IP address on the tiny 
boxes one by one. 


DNS Server IP Address : 


O Add a Save 
DNS Server IP Address 

168 95 1 


UD 


Save - After finished the IP address configuration, click 
Save to save the setting onto the router. 


45 Add H Save 

DNS Server IP Address 


1 65.95. 1.1 

1 hd 1 


Vigor2960 Series User’s Guide 


39 


DrayTek 





































IP Alias 


® - Click the icon to remove the selected entry. 

Type other IP addresses to be bound to this interface. This 
setting is optional. If you have typed addresses here, you can 
see and choose it in later web page settings (e.g., 

NAT»Port Redirection/DMZ Host). 


Add - Click this button to display the IP address field for 
adding a new IP address. Type the IP address on the tiny 
boxes one by one. 


O Add 

M Save 



IP 


Subnet Mask 



192 

16-3 1 

•35 1255.255.255.0 

Rd 



Save - After finished the IP address configuration, click 
Save to save the setting onto the router. 


Add H Save 

IP Subnet Mask 


1 92. 1 63. 1 .35 255.255.255,0 



MTU/MRU 


^ - Click the icon to remove the selected entry. 

Type the value of MTU/MRU. The default value is 1500. 


Connection Select a detecting mode for this WAN interface. There are 

Detection Mode three ways ARP, PING and HTTP supported in Vigor 

router for you to choose to send the request out. 


PING 

None 

ARP 

PING 

HTTP 


V 


Connection Add - Click this button to have a field for adding a new IP 

Detection Host address. Assign an IP address or Domain name as a 

destination to be detected whether the host is active (sending 
reply to the router) or not. If not, the connection of WAN 
interface will be regarded as breaking down. This function 
is available when Connection Detection Mode is set with 


PING or HTTP. 



Add H Save 

Connection Detection Hosi 

Connection Detection Host : 

1 92.168.1.28 


Save - click this button to save the setting. 
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- click the icon to remove the selected entry. 

Connection 

Detection Interval 

Assign an interval period of time for each detecting. 

Connection 

Detection Retry 

Assign detecting times to ensure the connection of the WAN 
interface. After passing the times you set in this field and no 
reply received by the router, the connection of WAN 
interface will be regarded as breaking down. 

Apply 

Click it to save the configuration and exit the dialog. 

Cancel 

Click it to exit the dialog without saving the configuration. 


• If you choose DHCP as IPv4 protocol type, click the DHCP Tab to open the 
following page: 



Available parameters are listed as follows: 


Item 

Description 

Host Name 
(Optional) 

Type a name as the host name for identification. 

IP Alias 

Type other IP addresses to be bound to this interface. This 
setting is optional. If you have typed addresses here, you can 
see and choose it in later web page settings (e.g., 

NAT»Port Redirection/DMZ Host). 


Add - To add a new IP address, click Add. Type the IP 
address and use the drop down list to specify the subnet 
mask. Next, click Save. The new one will be added and 
displayed on the field under the box. 
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Add H Save 

IP Subnet Mask 

1 92.1 6S. 1. S6 255.255.255.0 

Save - Click this button to save the setting. 

® - Click the icon to remove the selected entry. 

MTU/MRU 

It means Max Transmit Unit for packet. The default setting 
is 1500. 

Connection 

Detection Mode 

Select a detecting mode for this WAN interface. There are 
three ways ARP, PING and HTTP supported in Vigor 
router for you to choose to send the request out. 

PING v 

None 

ARP 

PING 

HTTP 

Connection 

Detection Host 

Add - click this button to have a field for adding a new IP 
address. Assign an IP address or Domain name as a 
destination to be detected whether the host is active (sending 
reply to the router) or not. If not, the connection of WAN 
interface will be regarded as breaking down. This function is 
available when Connection Detection Mode is set with 

PING or HTTP. 

Add H Save 

Connection Detection Hosi 

1 92.168.1.28 

Connection Detection Host : 

Save - Click this button to save the setting. 

BD - Click the icon to remove the selected entry. 

Connection 

Detection Interval 

Assign an interval period of time for each detecting. 

Connection 

Detection Retry 

Assign detecting times to ensure the connection of the WAN 
interface. After passing the times you set in this field and no 
reply received by the router, the connection of WAN 
interface will be regarded as breaking down. 
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Apply 

Click it to save the configuration and exit the dialog. 

Cancel 

Click it to exit the dialog without saving the configuration. 


• If you choose PPPoE as IPv4 protocol type, click the PPPoE Tab to open the 

following page: 



Available parameters are listed as follows: 


Item 

Username 

Password 

MTU/MRU 

Debug 


Always On 


Description 

Type the user name offered by your ISP. 

Type the password offered by your ISP. 

Type the value of MTU/MRU. The default value is 1492. 

Click Enable to display the PPPoE debug message in 
Syslog. The default setting is Disable. 

Enable - Click it to enable the function of Always On. The 
router will keep network connection all the time. 


Fixed IP 


Disable - Click it to disable the function of Always On. 

Enable - Click it to enable the function of Always On. The 
router will keep network connection all the time. 


Disable - Click it to disable the function of Always On. 


Fixed IP Address - Type an IP address here if you choose 

Enable for Fixed IP. 

Connection Select a detecting mode for this WAN interface. There are 

Detection Mode two ways PING and HTTP supported in Vigor router for 

you to choose to send the request out. 


PING 

! v 

None 

PING 


HTTP 
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Connection If you choose PING/HTTP as Connection Detection Mode, 

Detection Host you have to specify the detection host address in this field. 

Use the default setting. 


Add - Click this button to have a field for adding a new IP 
address. Assign an IP address or Domain name as a 
destination to be detected whether the host is active (sending 
reply to the router) or not. If not, the connection of WAN 
interface will be regarded as breaking down. This function 
is available when Connection Detection Mode is set with 
PING or HTTP. 



Add H Save 

Connection Detection Hosi 

Connection Detection Host : 

1 92.168.1.28 


Save - Click this button to save the setting. 


Connection 
Detection Interval 

Connection 
Detection Retry 


^ - Click the icon to remove the selected entry. 
Assign an interval period of time for each detecting. 


Assign detecting times to ensure the connection of the WAN 
interface. After passing the times you set in this field and no 
reply received by the router, the connection of WAN 
interface will be regarded as breaking down. 


IP Alias 


Type other IP addresses to be bound to this interface. This 
setting is optional. If you have typed addresses here, you can 
see and choose it in later web page settings (e.g., 

NAT»Port Redirection/DMZ Host). 


Add - Click this button to display the IP address field for 
adding a new IP address. Type the IP address on the tiny 
boxes one by one. 


IP Alias : 



Save - After finished the IP address configuration, click 
Save to save the setting onto the router. 


Add H Save 

IP 

Subnet P.lask 


192.168.1.85 255 255 255 0 



Apply 


® - Click the icon to remove the selected entry. 
Click it to save the configuration and exit the dialog. 
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Cancel 


Click it to exit the dialog without saving the configuration. 


• If you choose PPTP as IPv4 protocol type, click the PPTP Tab to open the 

following page: 



Available parameters are listed as follows: 


Item 

Description 

PPTP Over 

Usually ISP dynamically assigns IP address to you each time 
you connect to it and request. In some case, your ISP 
provides service to always assign you the same IP address 
whenever you request. In this case, you can fill in this IP 
address in the Fixed IP field. Please contact your ISP 
before you want to use this function. 

Choose a proper protocol, Static or DHCP. After finished 
the settings in such page, you need to open the Static or 

DHCP tab for configuring the settings there. 

Server Address 

Type the IP address of PPTP server offered by your ISP. 

Username 

Type the user name offered by your ISP. 

Password 

Type the password offered by your ISP. 

MTU/MRU 

Type the value of MTU/MRU. The default value is 1452. 

Debug 

Click Enable to display the PPTP debug message in syslog. 
The default setting is Disable. 

Always On 

Enable - Click it to enable the function of Always On. The 
router will keep network connection all the time. 

Disable - Click it to disable the function of Always On. 

Connection 

Detection Mode 

Select a detecting mode for this WAN interface. There are 
two ways PING and HTTP supported in Vigor router for 
you to choose to send the request out. 
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If you choose PING/HTTP as Connection Detection Mode, 
you have to specify the detection host address in this field. 
Use the default setting. 

Add - Click this button to have a field for adding a new IP 
address. Assign an IP address or Domain name as a 
destination to be detected whether the host is active (sending 
reply to the router) or not. If not, the connection of WAN 
interface will be regarded as breaking down. This function 
is available when Connection Detection Mode is set with 
PING or HTTP. 



Add H Save 

Connection Detection Hosi 

Connection Detection Host : 

1 92.168.1.28 


Save - Click this button to save the setting. 

- Click the icon to remove the selected entry. 


Connection 

Detection Interval 

Assign an interval period of time for each detecting. 

Connection 

Detection Retry 

Assign detecting times to ensure the connection of the WAN 
interface. After passing the times you set in this field and no 
reply received by the router, the connection of WAN 
interface will be regarded as breaking down. 

Apply 

After finished the PPTP configuration, please click Static or 
DHCP (according to the PPTP Over Protocol setting) to 
modify the Static/DHCP configuration for such profile. 

Click it to save the configuration and exit the dialog. 

Cancel 

Click it to exit the dialog without saving the configuration. 


Connection 
Detection Host 


• If you choose Link-Local as IPv6 protocol type 

Link-Local address is used for communicating with neighbouring nodes on the same 
link. It is defined by the address prefix fe80::/64. You don't need to setup Link-Local 
address manually for it is generated automatically according to your MAC Address. 
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• If you choose Static as IPv6 protocol type, click the StaticV6 tab to open the 
following page: 



Available parameters are listed as follows: 


Item 

Description 

IPv6 Address 

Type the IP address for such protocol. 

IPv6 Prefix Length 

Type your IPv6 address prefix length. 

IPv6 Gateway 
Address 

Type your IPv6 gateway address. 

IPv6 DNS Server 
Address 

Type your IPv6 primary DNS Server address. 



;; r : Add H Save 


IPv6 DNS Seiver Address 


1 92.168.1.8 

IPv6 DNS Seiver Address : 

Add - Click this button to have a field for adding a new IP 
address. 

Save - Click this button to save the setting. 

J - Click the icon to remove the selected entry. 

Apply 

Click it to save the configuration and exit the dialog. 

Cancel 

Click it to exit the dialog without saving the configuration. 
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• If you choose DHCP-IA NA as IPv6 protocol type, click the DHCPV6 Tab to open 

the following page: 



Available parameters are listed as follows 


Item 

DHCP (IA NA) 
Gateway Address 

DHCP (IA_NA) 
DNS Address 


Description 

Type the gateway IP address for IPv6 DHCP IA_NA mode. 


Add - Click this button to type primary DNS server address 
for IPv6. 


DHCPv6(IA_NA) DNS Address : 



Save - Click this button to save the setting. 


Apply 

Cancel 


^ - Click the icon to remove the selected entry. 

Click it to save the configuration and exit the dialog. 

Click it to exit the dialog without saving the configuration. 


• If you choose DHCP-IA PD as IPv6 protocol type 

It is not necessary for you to configure any web page. 

2. After finished the settings configuration, click Apply to save and apply the settings. 
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4.1.2 Default Route 

This page allows you to assign a WAN profile as the default route. 



Available parameters are listed as follows: 


Item 

Description 

WAN Profile 
/Load Balance Pool 

Name 

Display the WAN profiles for user to choose as a default 
route. 

In which, wanl to wan2 are factory default settings. 

Apply 

Click it to save the configuration. 

Cancel 

Click it to exit the dialog without saving the configuration. 
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4.1.3 Load Balance 


Vigor2960 supports a load balancing function. It can assign traffic with protocol type, IP 
address for specific host, a subnet of hosts, and port range to be allocated in WAN interface. 
User can assign traffic category and force it to go to dedicate network interface based on the 
following web page setup. 

In the WAN group, click the Load Balance option. 

Pool 

This page allows the user to integrate several WAN profiles as a pool profile specified with 
the function of load balance or failover. The profiles configured here will be selected in the 
field of WAN»Default Route page. 



Each item will be explained as follows: 


Item 

Description 

Add 

Add a new pool profile. 

Edit 

Modify the selected pool profile. 

To edit a profile, simply select the one you want to modify 
and click the Edit button. The edit window will appear for 
you to modify the corresponding settings for the selected 
pool. 

Delete 

Remove the selected pool profile. 

To delete a rule, simply select the one you want to delete and 
click the Delete button. 

Refresh 

Renew current web page. 

Profile 

Display the name of the rule. 

Mode 

Display the protocol of such rule. 

Interface 

Display the name of the WAN profiles for Load Balance 
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rule. 

Primary Profile 

Display the primary profile configured in Failover page for 
such profile. 

Backup Profile 

Display the backup profile configured in Failover page for 
such profile. 


There are two modes, Load_Balance and Failover, for you to choose as the Pool 
configuration. If you choose Load_Balance, the tab of Load_Balance will be shown which 
allows you to configure for different WAN interfaces. If you choose Failover, the tab of 
Failover will be displayed which allows you to specify the primary profile and backup 
profile for such Pool setting. 

How to add a pool profile for Load Balance 

1. Open WAN»Load Balance and click the tab of Pool. 


WAN » Load Balance » Pool 



2. Simply click the Add button to open the following dialog. Type a name for such profile 
(e.g., LB_1). Choose Load_Balance as the Mode selection. 

Pool (- X 

Mode 


Profile : 
Mode : 


H Apply 9 Cancel 


Load_Balance 


Load_Balance 

Hi 

Load_Balance 

Failover 
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3. 


Click the Load Balance Tab. 



4. 


Click Add. A new line for adding new entry will appear. Use the drop down list of 
Interface to choose one of the WAN profiles. Type the value (e.g., 20) for Weight. 


j Pool 


Mode 

Loacl_Balance 

Failover 

1 







Interface : 


Add H Save 

Interface 

Weight 



V 


ini 


want 



wan2 





5. Click Apply. A new profile will be added on the page. 


WAN » Load Balance » Pool 


Pool Rule 


ft Add 

Edit m Heists 

Refresh 


Profile 

Mode 

Interface 

Primary Profile 

LB_1 

Load_Balance 

wanl 20 
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How to add a Pool profile for Failover 

Such page allows you to set a backup profile which will be activated when the primary 
profile is invalid by any reason. 

1. Open WAN»Load Balance and click the tab of Pool. 


WAN » Load Balance » Pool 



2. Simply click the Add button to open the following dialog. Type a name for such profile 
(e.g., FL_1). Choose Failover as the Mode selection. 
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3. Click the Failover Tab. In default, the system will apply Primary Profile. If Primary 
Profile cannot be used any more, the Backup Profile will be used instead. 



4. Use the drop down list to choose the one you need. 


Pool 


E 


I- 


i 


Mode 

Load Balance 

Failover 





Primary Profile : 
Backup Profile : 


wanl 

V 

wan2; 

V 

wanl 

wan2 



5. Click Apply. A new profile will be added on the page. 


WAN » Load Balance » Pool 


Pool Rule 


© Add A Edit [|D Delete Refresh 


Profile I 


Profile 

Mode 

Interface 

Primary Profile 

LB_1 

Load_Balance 

wanl 20 


F L_ 1 

Failover 

wanl 20 

wanl 


Backup Pro 

wan2 
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Rule 


This page will make the packets be transmitted with user defined profiles with IP address 
and protocol that is different with default route. 



Each item will be explained as follows: 


Item 

Description 

Add 

Add a new rule profile. 

Edit 

Modify the selected rule profile. 

To edit a profile, simply select the one you want to modify 
and click the Edit button. The edit window will appear for 
you to modify the corresponding settings for the selected 
rule. 

Delete 

Remove the selected rule profile. 

To delete a rule, simply select the one you want to delete and 
click the Delete button. 

Refresh 

Renew current web page. 

Move Up / Move Down 

Move the selected profile up or down. 

Profile 

Display the name of the rule. 

Enable This Profile 

Display the status of such profile. 

Protocol 

Display the protocol used for such rule. 

Source IP Address 

Display the source IP address for such rule. 

Source Mask 

Display the source Mask for such rule. 

Destination IP Address 

Display the destination IP address for such rule. 

Destination Mask 

Display the destination Mask for such rule. 

Destination Port Start 

Display the destination port starting value for such rule. 
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Destination Port End 

Display the destination port ending value for such rule. 

Load Balance 

Pool/WAN Profile 

Display the profile of load balance applied for such rule. 


How to add a new rule for Load Balance 

1. Open WAN»Load Balance Policy and click the tab of Rule. 

2. Simply click the Add button. 

WAN » Load Balance Policy » Rule 
Pool Rule 

O Add >t Edit Btl Delete Refresh 

Profile Enable T Protocol Source I Source l Destinat D 

No items to show. 


3. The following dialog will appear. 
Rule 


- X 


Profile 

\7\ Enable This Profile 
Proto-col : 

Source IP Address : 

Source Mask : 

Destination IP Address : 

Destination P»1ask : 

Load Balance Pool/WAM Profile : 


Heavytraffic 


ALL 


192 


16B 


Jjjft (Optional) 


2EE.2EE.2EE.0 


(Optional) 


192 


16B 


SE 


jjm (Optional) 


2EE.2EE.2EE.0 


wanl 


(Optional) 


H Apply o Cancel 


Available parameters are listed as follows: 


Item 

Description 

Profile 

Type the name of the rule. 

Enable This Profile 

Check this box to enable such profile. 

Protocol 

Choose a protocol (ALL, TCP, UDP, TCP/UDP, ICMP, 

FTP, TFTP, HTTP, SMTP, POP3) for such rule applied to 
load balance. All is the default setting. 
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Source IP Address 

Type a WAN IP address here as the source IP address for 
such rule. 

™ !l - Click the icon to clear the IP setting. 

Source Mask 

Use the drop down list on the right to choose a suitable mask 
for the source. 


Source Mask : 

255.255.255.0 

V 

('■ 



255.255.255.0 

.!* 



Destination IP Address : 

Destination Mask : 

255.255.254.0 

255.255.0.0 

255.254.0.0 

0.0.0.0 

128 00.0 



Destination IP 
Address 

Type a WAN IP address here as the destination IP address 
for such rule. 

nm - Click the icon to clear the IP setting. 

Destination Mask 

Use the drop down list on the right to choose a suitable mask 
for the destination. 

Destination Port 

Start 

Type a value as the destination port starting for such rule. 

Destination Port 

End 

Type a value as the destination port ending for such rule. 

Load Balance Pool 
AVAN Profile 

Choose one of the profiles to be used by such rule. In which, 
wanl to wan5 profiles are configured in default. In addition, 
profiles configured in WAN»Load Balance Policy» Pool 
page also will be displayed here. 

To have user-defined WAN profile, please refer to 
WAN«General Setup for detailed information. 


Load Balance Pool/WAM Profile : wanl 


1" 



wanl 





wan2 








Apply 

Click it to save the configuration. 

Cancel 

Click it to return to the factory setting. 


4. Enter all the settings and click Apply. The new rule profile will be added on the screen. 


WAN » Load Balance » Rule 


Pool Rule 


2^ Add ^ Edit U[j Delete ^ Refresh Move Up Move Down 


Profile * Enable Thh Proto-col 

Source IP i 

Source 171a 

Destinatior 

Destinatior 

Destinatioi Destinatior Load Balan 

Heavytraffic true ALL 

192.163.1.... 

255.255.2... 

192.163.1.... 

255.255.2... 

wanl 
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4.2 LAN 


Local Area Network (LAN) is a group of subnets regulated and ruled by router. The design 
of network structure is related to what type of public IP addresses coming from your ISP. 

The most generic function of Vigor router is NAT. It creates a private subnet of your own. 
As mentioned previously, the router will talk to other public hosts on the Internet by using 
public IP address and talking to local hosts by using its private IP address. What NAT does 
is to translate the packets from private IP address to public IP address to forward the right 
packets to the right host and vice versa. Besides, Vigor router has a built-in DHCP server 
that assigns private IP address to each local host. 



4.2.1 General Setup 

This page allows you to set LAN profiles for PCs in LAN. Settings of DHCP, DHCP Relay, 
RADVD and DHCPv6 settings are generated automatically by the system when the LAN 
profile is created. You can edit these settings by switching into each tab individually. 

Note: One LAN profile shall be enabled at least to keep the normal operation. The default 
LAN profile named “lanl” shall not be deleted. Otherwise, the system might be damaged. If 
such file is deleted due to careless, please reset your router to restore the default setting. 


LAN » General Setup » General Setup 


General Setup 

DHCP 

DHCP Relay 

RADVD 1® DHCPvB 


S Add 

^ Edit HQ Delete Refresh 



Profile Number Limit : 

10 

Profile 

Enable This Profile Description 

VLAN ID 

IPv4 Protocol 

IPv6 Protocol 


lanl 

true 

10 

static 

Link-Local 
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General Setup 

This page allows you to enable the profile, give a brief explanation for such profile, specify 
the VLAN ID, specify MAC address, and choose protocol type for such profile. 


LAN » General Setup » General Setup 


General Setup 

DHCP 

DHCP Relay 

RADVD 

DHCPvS 



Add >£ Edit DQ Delete V*' Refresh Profite Number Limit: 10 


- 1 

Profile 

Enable This Profile Description 

VLAN ID 

— 

IPv4 Protocol 

IPv6 Protocol 



lanl true 10 static Link-Local 


Each item will be explained as follows: 


Item 

Description 

Add 

Add a new LAN profile. 

Edit 

Modify the selected LAN profile. 

To edit a profile, simply select the one you want to modify 
and click the Edit button. The edit window will appear for 
you to modify the corresponding settings for the selected 
rule. 

Delete 

Remove the selected LAN profile. 

To delete a rule, simply select the one you want to delete and 
click the Delete button. 

Refresh 

Renew current web page. 

Profile 

Display the name of the LAN profile. 

Enable This Profile 

Display the status of the profile. False means disabled; True 
means enabled. 

Description 

Display the brief explanation for the LAN profile. 

VLAN ID 

Display the VLAN ID configured for the LAN profile. 

IPv4 Protocol Type 

Display the IPv4 protocol type for the LAN profile. 

IPv6 Protocol Type 

Display the IPv6 protocol type for the LAN profile. 
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How to add a new LAN profile 

1. Open LAN»General Setup and click the General Setup tab. 


LAN » General Setup » General Setup 


General Setup 

DHCP 

DHCP Relay 

RADVD 

DHCPv6 



^ Add 

JC Edit Q[j Delete 

Refresh 


Profile 

Enable This Profile 

Description 

VLAN ID 

lanl 

true 


10 


2. Click the Add button to open the following dialog. Different protocol type selected will 
bring up different configuration web page. 



Available parameters are listed as follows: 


Item 

Description 

Profile 

Type the name of the LAN profile. 

Enable This Profile 

Check this box to enable such profile. 

Description 

Type the description for the new LAN profile. 

VLAN ID 

Type a number as the VLAN ID to make the data be 
identified while performing data transmission. 

Default MAC 
Address 

Enable - Click it to enable the default MAC address for 
such profile. 

Disable - Click it to type the MAC address manually for 
such profile. 


DrayTek 


60 


Vigor2960 Series User’s Guide 




















































MAC Address 

If Default MAC address is disabled, please specify a MAC 
address manually. 

IPv4 Protocol 

Display the fixed type (static) for the IPv4 protocol for such 
profile. 

Mode 

Choose NAT or ROUTING as the operation mode for such 
profile. 

IP Address 

Type the IP address of the router for the LAN profile. 

Subnet Mask 

Use the drop down list to choose a suitable mask for the 

LAN profile. 

Gateway IP 

Address 

Such IP address is ready for matching with the function of 
Virtual System. 

urn _ c h c k the j con c j ear IP setting. 

2 nd Subnet 

Specify one 2 nd subnet which might be needed in the future. 

Add H Save 

IP Subnet Mask Mode 

192.168.1.83 255.255.255.0 NAT 

| 255.255.255.0 |v NAT v [f| 

Add - Click it to add a new subnet mask with IP address and 
specified mode. 

Save - Click it to save the settings. 

IP - Type the IP address if you click Add for adding a new 
entry. 

Subnet Mask - Use the drop down list to choose the one 
you want. 

Mode - Specify NAT or Routing as the mode. 

J - click the icon to remove the selected entry. 

IPv6 Protocol 

It defines the IPv6 connection types for LAN interface. 
Possible types contain Link-Local, Static and DHCP-SLA. 
Except Link-Local, each type requires different parameter 
settings. 

Link-Local- Link-Local address is used for communicating 
with neighbouring nodes on the same link. It is defined by 
the address prefix fe80::/10. You don't need to setup 
Link-Local address manually for it is generated 
automatically according to your MAC Address. 

Static -This type allows you to setup static IPv6 address for 
LAN. 

DHCP-SLA- DHCPv6 client mode would use IA NA 
option of DHCPv6 protocol to obtain IPv6 address from 
server. 

IPv6 Address 

If Static is chosen as IPv6 Protocol, please type the IPv6 
address in this field. 

IPv6 Prefix Length 

Type the IPv6 prefix length for IPv6 - Static protocol. 
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DHCPv6 SLA 

WAN Interface 

If DHCP-SLA is chosen as IPv6 Protocol, please choose one 
of the WAN profiles in this field. 

DHCPv6 SLA ID 

The ID number set here is used by an individual organization 
to create its own local addressing hierarchy and to identify 
subnets. 

Apply 

Click it to save and exit the dialog. 

Cancel 

Click it to exit the dialog without saving anything. 


3. When you finish the above settings, please click Apply to save the configuration and 
exit the dialog. 


LAN » General Setup » General Setup 


General Setup 

DHCP | DHCP Relay || RADVD 

DHCPv6 










Add 

>£ Edit Ufl Delete C* Refresh 




Prol 

Profile 

Enable This Profile Description 

VLAN ID 

IPv4 Protocol 

IPv6 Protocol 



lanl 

true 

10 

static 

Link-Local 



lantest 

true Just for test 

21 

static 

DHCP-SLA 
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DHCP 


In the Vigor2960 router, there are some IP address settings for the LAN interface. The IP 
address/subnet mask is for private users or NAT users. The IP address of the default gateway 
on other local PCs should be set as the Vigor2960 server IP address. When the DSL 
connection between the DSL and the ISP has been established, each local PC can directly 
route to the Internet. The IP address/subnet mask can also be used to connect to other private 
users (PCs). On this page you will see the private IP address defined in RFC-1918. Usually 
we use the 192.168.1.0/24 subnet for the route. 


LAH » General Setup » DHCP 


General Setup 

DHCP 

DHCP Relay 

RADVD 

DHCPv6 







Edit 

Refresh 






Profile 

Enable Till Start IP 

Eml IP 

DHS 

Routers Lease Tim 

Specify Re 

Remote Dl Remote Di; 

lanl 

true 192.168.1.. 

..192.168.1.. 

..168.95.1.1 

86400 

Disable 

192.168.1 ....192.168.1.... 

lantest 

true 0.0.0.10 

0.0.0.195 


86400 

Disable 

0.0.0.196 0.0.0.245 


Each item will be explained as follows: 


Item 

Description 

Edit 

Modify the selected LAN profile. 

To edit a profile, simply select the one you want to modify 
and click the Edit button. The edit window will appear for 
you to modify the corresponding settings for the selected 
rule. 

Refresh 

Renew current web page. 

Profile 

Display the name of the LAN profile. 

Enable This Profile 

Display the status of the profile. False means disabled; True 
means enabled. 

Start IP 

Display the starting IP address of the IP address pool for 
DHCP server. 

End IP 

Display the ending IP address of the IP address pool for 

DHCP server. 
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DNS 

Display the IP address for DNS. 

Routers 

In general, this box will be blank. It means Vigor2960 will 
be regarded as the gateway for the user. 

Lease Time 

Display the lease time for the DHCP server. 

Specify Remote Dial-in 

IP 

Display the status of remote dial-in function. Disable means 
disabled; Enable means enabled. 

Remote Dial-in Start IP 

Display the start IP address for an IP range. The DHCP 
server can assign an IP address for remote dial-in user from 
such IP range. 

Remote Dial-in End IP 

Display the end IP address for an IP range. The DHCP server 
can assign an IP address for remote dial-in user from such IP 
range. 


How to edit a LAN profile for DHCP 

1 . Open LAN»General Setup and click the DHCP tab. 


General Setup 


DHCP 


DHCP Relay 


RADVD 


DHCPv6 


>£ Edit 

O Refresh 






Profile 

Enable Thi Start IP 

End IP 

DHS 

Routers Lease Tim 

Specify Re 

Remote Di; Remote Di; 

[ianl 

lantest 

true 192.168.1.. 

true 0.0.0.10 

..192.168.1.. 

0.0.0.195 

..168.95.1.1 

86400 

86400 

Disable 

Disable 

192.168.1 ....192.168.1.... 

0.0.0.196 0.0.0.245 


2. Choose one of the LAN profiles by clicking on it and click the Edit button to open the 
following dialog. 



Available parameters are listed as follows: 
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Item 

Description 

Profile 

Display the name of the LAN profile. 

Enable This Profile 

Check this box to enable this profile. 

Start IP 

Set the starting IP address of the IP address pool for DHCP 
server. 

End IP 

Set the ending IP address of the IP address pool for DHCP 
server. 

DNS 

Set the private IP address for DNS server. If this field is 
blank, users on LAN will treat Vigor2960 as the DNS server. 

Tj Add H Save 

DNS 

rn mi 

Add - Click it to add a new IP address for DNS server. 

Save - Click it to save the setting. 

J - click the icon to remove the selected entry. 

Routers 

In general, this box will be blank. It means Vigor2960 will 
be regarded as the gateway for the user. 

However, if you want to use other gateway, please assign the 
IP address in this field. 

Lease Time 

Set a lease time for the DHCP server. The time unit is 
minute. 

Specify Remote 
Dial-in IP 

Enable - Enable this function that remote clients within the 
range specified below can access into Vigor2960 WUI. 

Disable - Disable this function. 

Remote Dial-in 

Start IP 

Specify the start IP address for an IP range. The DHCP 
server can assign an IP address for remote dial-in user from 
such IP range. 

Remote Dial-in End 
IP 

Specify the end IP address for an IP range. The DHCP server 
can assign an IP address for remote dial-in user from such IP 
range 

Apply 

Click it to save and exit the dialog. 

Cancel 

Click it to exit the dialog without saving anything. 


4. When you finish the above settings, please click Apply to save the configuration and 
exit the dialog. 

5. The LAN profile has been edited. 
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DHCP Relay 

This page allows users to specify which subnet that DHCP server is located that the relay 
agent should redirect the DHCP request to. 


LAN » General Setup » DHCP Relay 



Each item will be explained as follows: 


Item 

Description 

Edit 

Modify the selected LAN profile. 

To edit a profile, simply select the one you want to modify 
and click the Edit button. The edit window will appear for 
you to modify the corresponding settings for the selected 
rule. 

Refresh 

Renew current web page. 

Profile 

Display the name of the LAN profile. 

Enable This Profile 

Display the status of the profile. Lalse means disabled; True 
means enabled. 

DHCP Server Location 

Display the LAN or WAN profile for the DHCP server. 

DHCP Server IP 

Display the IP address of DHCP server. 
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How to edit a LAN profile for DHCP Relay 

1 . Open LAN»General Setup and click the DHCP Relay tab. 

LAN » General Setup » DHCP Relay 

I General Setup I DHCP If DHCP Relay If RADVD DHCPv6 

Edit O Refresh 

Profile Enable This Profile DHCP Server Location DHCP 

jlanl false 

jlantest false 

2. Choose one of the LAN profiles by clicking on it and click the Edit button to open the 
following dialog. 



Available parameters are listed as follows: 


Item 

Description 

Profile 

Display the name of the LAN profile. 

Enable This Profile 

Check this box to enable this profile. 

DHCP Server 
Location 

Specify a WAN profile as the server location. 

DHCP Server IP 

Type the IP address of DHCP Server. 

Apply 

Click it to save and exit the dialog. 

Cancel 

Click it to exit the dialog without saving anything. 


3. When you finish the above settings, please click Apply to save the configuration and 
exit the dialog. 

4. The LAN profile has been edited. 
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LAN » General Setup » DHCP Relay 


General Setup DHCP DHCP Relay RADVD DHCPv6 


>£ Edit 

0 Refresh 



Profile 

Enable This Profile 

DHCP Server Location 

DHCP Server IP 

lanl 

false 



lantest 

true 

lantestlS 

192.168.1.90 


RADVD 

The router advertisement daemon (radvd) sends Router Advertisement messages, specified 
by RFC 2461, to a local Ethernet LAN periodically and when requested by a node sending a 
Router Solicitation message. These messages are required for IPv6 stateless 
auto-configuration. 


LAN » General Setup » RADVD 


General Setup DHCP 


DHCP Relay RADVD 


>£ Edit 0 Refresh 


Profile 


Enable This Pi of ile 


Advertisement Lifetime 


lanl 

lantest 


false 

false 


30 

30 


Each item will be explained as follows: 


Item 

Description 

Edit 

Modify the selected LAN profile. 


To edit a profile, simply select the one you want to modify 
and click the Edit button. The edit window will appear for 
you to modify the corresponding settings for the selected 
rule. 

Refresh 

Renew current web page. 

Profile 

Display the name of the LAN profile. 

Enable This Profile 

Display the status of the profile. False means disabled; True 
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means enabled. 

Advertisement Lifetime 

Display the lifetime value. 

The lifetime associated with the default router in units of 
minutes, ranging from 10 ~ 150. It is used to control the 
lifetime of the prefix. A lifetime of 0 indicates that the router 
is not a default router and should not appear on the default 
router list. 


How to edit a LAN profile for RADVD 

1. Open LAN»General Setup and click the RADVD tab. 


LAN » General Setup » RADVD 


General Setup 


DHCP 


DHCP Relay 


RADVD 


DHCPV6 


^ Edit O Refresh 

Profile 

Enable This Profile 

Advertisement Lifetime 

lanl 

false 

30 

lantest 

false 

30 


2. Choose one of the LAN profiles by clicking on it and click the Edit button to open the 
following dialog. 



Available parameters are listed as follows: 


Item 

Description 

Profile 

Display the name of the LAN profile. 

Enable This Profile 

Check this box to enable this profile. 

Advertisement 

Lifetime 

Type a value for advertisement lifetime. 

The lifetime associated with the default router in units of 
minutes, ranging from 10 ~ 150. It is used to control the 
lifetime of the prefix. A lifetime of 0 indicates that the router 
is not a default router and should not appear on the default 
router list. 

Apply 

Click it to save and exit the dialog. 

Cancel 

Click it to exit the dialog without saving anything. 
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3. When you finish the above settings, please click Apply to save the configuration and 
exit the dialog. 

4. The LAN profile has been edited. 



DHCP6 


DHCP6 Server could assign IPv6 address to PC according to the Start/End IPv6 address 
configuration. 


LAH » General Setu|> » DHCPuG 


General Setup 

DHCP 

DHCP Relay 

RADVD 

DHCPw6 



Edit O Refresh 


Profile 

Enable This Profile 

I - 

Start IP 

End IP 

DHS 



lanl false 

lantest false 


Each item will be explained as follows: 


Item 

Description 

Edit 

Modify the selected LAN profile. 

To edit a profile, simply select the one you want to modify 
and click the Edit button. The edit window will appear for 
you to modify the corresponding settings for the selected 
rule. 

Refresh 

Renew current web page. 

Profile 

Display the name of the LAN profile. 
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Enable This Profile 

Display the status of the profile. False means disabled; True 
means enabled. 

Start IP 

Display the starting IP address of the IP address pool for 


DHCP server. 

End IP 

Display the ending IP address of the IP address pool for 


DHCP server. 

DNS 

Display the private IP address for DNS server. 


How to edit a LAN profile for DHCPv6 

1. Open LAN»General Setup and click the DHCPv6 tab. 
LAN » General Setup » DHCPv6 


General Setup DHCP DHCP Relay RADVD DHCPvS 


A Edrt 

O Rsfreah 


Profile 

Enable This P Start IP 

End IP 

Uni 

false 


jwanl 

false 


jlantestl 

false 



2. Choose one of the LAN profiles by clicking on it and click the Edit button to open the 
following dialog. 
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Available parameters are listed as follows: 


Item 

Description 

Profile 

Display the name of the LAN profile. 

Enable This Profile 

Check this box to enable this profile. 

Start IP 

Set the starting IP address of the IP address pool for DHCP 
server. The format the IP address shall be similar to the 
following example: 

2000:0000:0000:0000:0000:0000:0000:10 or 2000::10. 

End IP 

Set the ending IP address of the IP address pool for DHCP 
server. The format the IP address shall be similar to the 
following example: 

2000:0000:0000:0000:0000:0000:0000:10 or 2000::10. 

DNS 

Set the private IP address for DNS server. If this field is 
blank, users on LAN will treat Vigor2960 as the DNS server. 


Add ^ Save 


DNS 



2OO0::2 



DNS : 

Add - Cl 

Save - Cl 

HD -die 

ick it to add a new IP address for 1 

lick it to save the setting. 

k the icon to remove the selected < 

DNS server. 

mtry. 

Apply 

Click it to save and exit the dialog. 

Cancel 

Click it to exit the dialog without saving anything. 


3. When you finish the above settings, please click Apply to save the configuration and 
exit the dialog. 

4. The LAN profile has been edited. 

LAN » General Setup » DHCPvG 

General Setup DHCP DHCP Relay RADVD DHCPvfi- 

Edit ^ Refresh 

Profile Enable This Profile Start IP End IP DNS 

lanl true 2000:: 10 2000: :ff 2000: :2 
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4.2.2 IP Routing 

To make local device in LAN accessing into external network without passing NAT or let 
the remote device access into the local device without passing NAT behind the router, please 
use IP routing function to complete the work. 

Usually, the local device might be assigned with a public IP address or an IP address with 
the same subnet as certain WAN. When the local device tries to transmit the data packets out, 
Vigor2960 will send it out through that certain WAN interface without passing through NAT. 
Meanwhile, remote device also can access the local device directly without any difficulty. 



Each item will be explained as follows: 


Item 

Description 

Add 

Add a new IP Routing profile. 

Edit 

Modify the selected IP routing setting. 

To edit the IP routing setting, simply select the one you want 
to modify and click the Edit button. The edit window will 
appear for you to modify the corresponding settings for the 
selected profile. 

Delete 

Remove the selected route setting. 

To delete a static route setting, simply select the one you 
want to delete and click the Delete button. 

Refresh 

Renew current web page. 

Rename 

Allow to modify the selected profile name. 

Profile 

Display the name of such IP route profile. 

Enable This Profile 

Display the status of the profile. False means disabled; True 
means enabled. 

WAN Profile 

Display which WAN profile used for sending out the data 
packets. 
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LAN Profile 

Display which LAN profile used for the local device. 

IP 

Display the private IP address for such profile. 

Mask 

Display the subnet mask for such profile. 


How to add a new IP Routing profile 

1. Open LAN»IP Routing. 

2. Click the Add button. 


LAN »IP Routing 


IP Routing 


IS Add 

>£ Edit HQ Delete 

C* Refresh 

Profile 

Enable This Profit 

WAN Profile 

No it 


3. The following dialog will appear. 



Available parameters are listed as follows: 


Item 

Description 

Profile 

Type the name of the IP routing profile. 

Enable This Profile 

Check this box to enable such IP routing profile. 

WAN Profile 

Choose one of WAN profiles for sending data out. 

LAN Profile 

Choose one of LAN profiles for the local device. 

IP 

Type the private IP address for such IP routing profile. 

Mask 

Use the drop down list to choose the subnet mask for such IP 
routing profile. 
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4. Enter all the settings and click Apply. The new profile will be added on the screen. 


LAN »IP Routing 


IP Routing 


Add 

>5 Edit UQ Delete & Refresh 

1.(5 Rename 



Profile 

Enable This Profile WAN Profile 

LAN Profile 

IP 

Mash 

Routingtestl 

true ward 

lanl 

192.168.1.34 

255.255.255.0 


4.2.3 Static Route 

When there are several subnets in LAN, a more effective and quicker way for connection is 
static route rather than other methods. Simply set rules to forward data from one specified 
subnet to another specified subnet. 
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Static Route 


LAN » Static Route » Static Route 






Static Route IPv6 Static Route Inter-LAN Route 


Add Edit iff) Delete Refresh Rename Profile Nurr 

i 

Profile Enable This Pro Destination IP A Subnet Mask Gateway WAN/LAM Profik Metric 


No items to show. 


1 | ill v 

J 





Each item will be explained as follows: 


Item 

Description 

Add 

Add a new static route setting. 

Edit 

Modify the selected static route setting. 

To edit static route setting, simply select the one you want to 
modify and click the Edit button. The edit window will 
appear for you to modify the corresponding settings for the 
selected rule. 

Delete 

Remove the selected static route setting. 

To delete a static route setting, simply select the one you 
want to delete and click the Delete button. 

Refresh 

Renew current web page. 

Rename 

Allow to modify the selected profile name. 

Profile 

Display the name of such static route. 

Enable This Profile 

Display the status of the profile. False means disabled; True 
means enabled. 

Destination IP Address 

Display the IP address for such static route profile. 

Subnet Mask 

Display the subnet mask for such static route profile. 

Gateway 

Display the gateway address for such static route profile. 

WAN/LAN Profile 

Display the subnet / LAN or WAN profile of the gateway. 
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Metric 


Display the distance to the target. 

How to add a new Static Route profile 

1. Open LAN»Static Routing and click the Static Route tab. 

2. Click the Add button. 


LAN m Static Route Static Route 


Static Route 

IPv6 Static Route 

Inter-LAN Route 



O Add A Edit |Q| Delete 0 Refresh Re 

Profile Enable This Pro Destination IP A Subnet M 

No items t: 

3. The following dialog will appear. 



Available parameters are listed as follows: 


Item 

Description 

Profile 

Type the name of the static route profile. 

Enable This Profile 

Check this box to enable such profile. 

Destination IP 
Address 

Type the IP address for such static route profile. 

Subnet Mask 

Use the drop down list to choose the subnet mask for such 
static route profile. 

Gateway 

Type the gateway address for such static route profile. 

WAN/LAN Profile 

Choose one of the LAN/WAN profiles of the gateway for 
such static route. 
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Metric 

Type the distance to the target (usually counted in hops). 

Apply 

Click it to save and exit the dialog. 

Cancel 

Click it to exit the dialog without saving anything. 


5. Enter all the settings and click Apply. The new profile will be added on the screen. 


LAN » Static Route » Static Route 


Static Route 

IPv6 Static Route 

Inter-LAN Route 


Add Edit (j]j Delete Refresh Rename 

Profile 

Enable This Pr< 

> Destination IP A 

Subnet Mash Gateway WAH.LAM Prol 

New_control 

true 

192.168.1.56 

255.255.255.0 192.168.1.11 lantest 


IPv6 Static Route 

For IPv6 protocol, click the IPv6 Static Route tab to configure detailed settings. 


LAN » Static Route >> IPv6 Static Route 


Static Route 


IPv6 Static Route Inter-LAN Route 


& Add j(C Edit HQ Delete (**> Refresh Rename 


Profile Enable This Pro Destination IP A Prefix Length Hextho|> 


WAN LAN Profit Metric 


No items to show. 


|T | 

-1 1 ' 


Each item will be explained as follows: 

Item 

Description 

Add 

Add a new static route setting. 

Edit 

Modify the selected static route setting. 

To edit static route setting, simply select the one you want to 
modify and click the Edit button. The edit window will 
appear for you to modify the corresponding settings for the 
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selected rule. 

Delete 

Remove the selected static route setting. 

To delete a static route setting, simply select the one you 
want to delete and click the Delete button. 

Refresh 

Renew current web page. 

Rename 

Allow to modify the selected profile name. 

Profile 

Display the name of such static route. 

Enable This Profile 

Display the status of the profile. False means disabled; True 
means enabled. 

Destination IP Address 

Display the IP address for such static route profile. 

Prefix Length 

Display the prefix length of the profile. 

Nexthop 

Display the nexthop address for such static route profile. 

WAN / LAN Profile 

Display the subnet LAN or WAN profile of the gateway. 

Metric 

Display the distance to the target. 


How to add a new IPv6 Static Route profile 

1. Open LAN»Static Route and click the IPv6 Static Route tab. 

2. Click the Add button. 

LAN » Static Route » IPv6 Static Route 

Static Route IPuft Static Route Inter-LAN Route 

Edit (jp Delete Refresh Rename 

Profile Enable This Pro Destination IP A Prefix Length 

No items to sho 1 

3. The following dialog will appear. 


Add 
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Available parameters are listed as follows: 


Item 

Description 

Profile Name 

Type the name of the static route profile. 

Enable This Profile 

Check this box to enable such profile. 

Destination IP 
Address 

Type the IP address for such static route profile. 

Prefix Length 

Type the prefix length for such profile. 

Nexthop 

Type the nexthop address for such static route profile. 

WAN/LAN Profile 

Choose one of the LAN/WAN profiles of the gateway for 
such static route. 

Metric 

Type the distance to the target (usually counted in hops). 

Apply 

Click it to save and exit the dialog. 

Cancel 

Click it to exit the dialog without saving anything. 


4. Enter all the settings and click Apply. The new profile will be added on the screen. 


LAN » Static Route » IPv6 Static Route 


Static Route 

IPv6 Static Route 

Inter-LAN Route 



Add Edit HO Delete Refresh Rename 


Profile Enable ' Destination IP Address Prefix L Nexthop WAN/LA IV 

V6_Ne... true feS0::250:1212:00ff:S600 30 feBO ::25fl: 1212:00 ff:6666 lanl 20 
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Inter-LAN Route 


To make the users in different LAN communicating with each other, please check the box to 
enable Inter-LAN route function. 
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4.2.3 Switch 


This page allows you to configure Mirroring Port, Mirrored Port, enable/disable LAN 
interface, and configure 802.IQ VLAN ID for different LAN interfaces, and so on. 

802.1 Q VLAN 

Virtual LANs (VLANs) are logical, independent workgroups within a network. These 
workgroups communicate as if they had a physical connection to the network. However, 
VLANs are not limited by the hardware constraints that physically connect traditional LAN 
segments to a network. As a result, VLANs allow the network manager to segment the 
network with a logical, hierarchical structure. VLANs can define a network by application or 
department. For instance, in the enterprise, a company might create one VLAN for 
multimedia users and another for e-mail users; or a company might have one VLAN for its 
Engineering Department, another for its Marketing Department, and another for its guest 
who can only use Internet not Intranet. VLANs can also be set up according to the 
organization structure within a company. For example, the company president might have 
his own VLAN, his executive staff might have a different VLAN, and the remaining 
employees might have yet a different VLAN. VLANs can also set up according to different 
company in the same building to save the money and reduce the device establishment. 

User can select some ports to add into a VLAN group. In one VLAN group, the port number 
can be single one or more. 

The purpose of VLAN is to isolate traffic between different users and it can provide better 
security application. 



Each item will be explained as follows: 


Item 

Description 

Add 

Add a new VLAN ID setting. 

Edit 

Modify the selected VLAN ID setting. 


To edit VALN ID setting, simply select the one you want to 
modify and click the Edit button. The edit window will 
appear for you to modify the corresponding settings for the 
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selected rule. 

Delete 

Remove the selected VLAN ID setting. 

To delete a VLAN ID setting, simply select the one you want 
to delete and click the Delete button. 

Refresh 

Renew current web page. 

VLAN ID 

Display the VLAN ID number. 

Member 

Display the LAN interface that is used to access into Internet 
for such LAN profile with the VLAN ID number. 

Untag 

Display the LAN interface that packets transmitted to 

Internet through such LAN profile with the VLAN ID 
number is tagged or untagged. 


How to add a new 802.1 Q VLAN profile 

1. Open LAN»Switch and click the 802.1Q VLAN tab. 

2. Click the Add button. 


LAN » 802.10 VLAN 


802.10 VLAN 
Add 

VLAN ID 

10 


Edit 


DD Delete 0 Refresh 
Member 
LAN 1, LAN 2 


UiiMg 

LAN1.LAN2 


3. The following dialog will appear. 



Available parameters are listed as follows: 


Item 

Description 

VLAN ID 

Type the number as the VLAN ID. Type a number used for 
identification on VLAN for your computer. Later, you have 
to type the same ID number for each PC which wants to be 
grouped within the same VLAN group. 
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Member 

Determine which LAN interface can be used to access into 
Internet for such LAN profile with the VLAN ID number. 

Untag 

Determine if the packets transmitted to Internet through such 
LAN profile with the VLAN ID number is tagged or not. 

Apply 

Click it to save and exit the dialog. 

Cancel 

Click it to exit the dialog without saving anything. 


4. Enter all the settings and click Apply. The new profile will be added on the screen. 


LAN » 802.10 VLAN 


802.10 VLAN 


O Add Edit flu Delete Refresh Profile Num 

VLAN ID 

Member Unnm 


10 

15 

LAN1.LAN2 LAN1.LAN2 

LAN3 
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4.2.4 Bind IP to MAC 


This function is used to bind the IP and MAC address in LAN to have a strengthen control in 
network. When this function is enabled, all the assigned IP and MAC address binding 
together cannot be changed. If you modified the binding IP or MAC address, it might cause 
you not access into the Internet. 

This page allows you to configure related settings for the function of Bind IP to MAC. 



Each item will be explained as follows: 


Item 

Description 

Mode 

Enable - Choose it to invoke this function. However, 

IP/MAC which is not listed in IP Bind List also can connect 
to Internet. 

Disable - Choose it to disable this function. All the settings 
on this page will be invalid. 

Strict Bind - Choose it to lock the connection of the 

IP/MAC which is not listed in IP Bind List. 

Select All 

Allow you to choose all the items listed in ARP Table. 

Move 

Move the selected item to IP Bind List. 

ARP Table 

This table is the LAN ARP table of this router. The 
information for IP and MAC will be displayed in this field. 
Each pair of IP and MAC address listed in ARP table can be 
selected and added to IP Bind List by clicking Move on IP 
Bind List. 

IP Address 

Display the IP address of one device. 

MAC Address 

Display the MAC address of the device. 

Add 

It allows you to add one pair of IP/MAC address and display 
on the table of IP Bind List. 
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Edit 

It allows you to edit and modify the selected IP address and 
MAC address that you create before. 

Delete 

You can remove any item listed in IP Bind List. Simply 
click and select the one, and click Delete. The selected item 
will be removed from the IP Bind List. 

Select All 

Choose all of the selections at one time. 

Refresh 

It is used to refresh the ARP table. When there is one new 

PC added to the LAN, you can click this link to obtain the 
newly ARP table information. 

Refresh 

Renew current web page. 

Bind Table 

It displays a list for the IP bind to MAC information. 

Profile 

Display the name of the profile. 

IP Address 

Display the IP address specified for the profile. 

MAC 

Display the MAC address specified for the profile. 


How to configure Bind IP to MAC 

1. Open LAN»Bind IP to MAC. 

2. Use the drop down Mode menu to specify a suitable mode. 

LAN » Bind IP to MAC 


Bind IP to MAC 


Mode : 

Enable 

V 

Select All \ Move 

ARP Til 

Disable 

Enable 

Strict_Bind 



IP 

Iress 



192.16S.1.17 e0:cb:4e:da:48:79 


There are three modes offered for you to choose. 

Disable - The function of Bind IP to MAC is disabled. 

Enable - Specified IP addresses on the Bind Table will be reserved for the device with 
bind MAC address. Other devices which are not listed on the Bind Table shall still get 
the IP address from DHCP server. 

Strict_Bind - Only specified IP addresses will be assigned to the device with bind 
MAC address. Other devices which are not listed on the Bind Table shall still NOT get 
the IP address from DHCP server. 
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3. Click Add to open the following dialog. 


Bind IP to MAC 

xj 

j 

Profile : 

IP Address : 

MAC : 

BindJPI 

192 16S 1 99 

DO : 50 : 7F : CA : 8E : 9D 



H Apply Cancel 


Available parameters are listed as follows: 


Item 

Description 

Profile 

Type the name of the profile. 

IP Address 

Type the IP address that will be used for the specified MAC 
address. 

MAC 

Type the MAC address that is used to bind with the assigned 

IP address. 

Apply 

Click it to save and exit the dialog. 

Cancel 

Click it to exit the dialog without saving anything. 


4. Enter all the settings and click Apply. 

5. A new profile has been added onto Bind Table. 


o MAC 

C I 


ildress 
3 : da: 48:79 


Add X Edit Q] Delete £ Select All O Refresh 

Bin-cl Table 

Profile IP Address MAC 

BindJPI 192.168.1.99 00:50:7F:CA:8E:9D 


4.2.5 RIP Configuration 

The Routing Information Protocol (RIP) is a dynamic routing protocol used in local 
and wide area networks. The routing information packet will be sent out by web 
server or router periodically, and can be used to communicate with other routers. It 
will calculate the number of network nodes on the route to ensure there is no 
obstruction on the network routine. In addition, it will choose a correct route based 
on the method of Distance Vector Routing and use the Bellman-Ford algorithm to 
calculate the routing table. 
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RIP can update the routing table automatically and find a route to send packet. See the 
following figure as an example: 


A (Support RIP) 



C (Support RIP) 


Suppose A supports RIP on WAN1/WAN2/WAN3/WAN4, B supports RIP on WAN1 and 
WAN2, and C supports RIP on WAN 1/WAN2/WAN3/WAN4. 

B will tell A "if you want to send packets to C, please send it to me first", then A will create 
a routing rule to forward packet that destination is C to B. 

In another direction, C will do the same thing. 



Available parameters are listed as follows: 


Item 

Description 

Enable This Profile 

Check the box to enable the Mirror function for the switch. 
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Profile 

Choose one of the LAN profiles. 

Apply 

Click it to save the settings. 

Cancel 

Click it to exit the dialog without saving anything. 


4.2.6 OSPF Configuration 

OSPF (Open Shortest Path First) uses the algorithm of SPF (Shortest Path First) to calculate 
the route metric. It is suitable for large network and complicated data exchange. 

When you need faster convergence than distance vector, want to support much larger 
networks or want to have less susceptible to bad routing information, you can enable OSPF 
feature to fit your request. Note that both routers must support OSPF function at the same 
time to build the OSPF connection. 



Available parameters are listed as follows: 


Item 

Description 

Enable This Profile 

Check the box to enable the Mirror function for the switch. 

Profile 

Create a new profile name. 

Apply 

Click it to save the settings. 

Cancel 

Click it to discard the settings configured in this page. 


How to add a new profile 

1. Open LAN»OSPF Configuration. 

2. Check Enable This Profile. 

3. Click the space of Profile. A pop-up dialog will appear. Click Add. 
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Profile 


1^. Add 

LAN Profile Area 

V 

i in 

lanl 

lantest 





4. Use the drop down list of LAN Profile to choose the one you need. And specify the 
value of Area (either 0.0.0.0 ~ 255.255.255.255 or 0 - 4294967295) for that profile. 


Profile : 



If you are not satisfied the settings, simply click to remove the entry, and then 
re-type the settings. 

5. Click Apply to save the settings and exit the dialog. A new profile is created and 
displayed on the screen. 


OSPF Configuration 

7 Enable This Profile 


Profile : 


Add 

LAM Profile 

Area 


lantest 

35 

HI 
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4.3 NAT 


NAT (Network Address Translation) is a method of mapping one or more IP addresses 
and/or service ports into different specified services. It allows the internal IP addresses of 
many computers on a LAN to be translated to one public address to save costs and resources 
of multiple public IP addresses. It also plays a security role by obscuring the true IP 
addresses of important machines from potential hackers on the Internet. The Vigor 3900 
Series is NAT-enabled by default and gets one globally routable IP addresses from the ISP 
by Static, PPPoE, or DHCP mechanism. The Vigor2960 Series assigns private network IP 
addresses according to RFC-1918 protocol and translates the private network addresses to a 
globally routable IP address so that local hosts can communicate with the router and access 
the Internet. 



4.3.1 Port Redirection 

Port Redirection means port forwarding. It may be used to expose internal servers to the 
public domain or open a specific port to internal hosts. Internet hosts can use the WAN IP 
address to access internal network services, such as FTP, WWW and etc. The internal FTP 
server is running on the local host addressed as 192.168.1.2. When other users send this type 
of request to your network through the Internet, the router will direct these requests to an 
appropriate host inside. A user can also translate the port to another port by configuration. 
For example, port number with 1024 can be transferred into IP address of 192.168.1.100 of 
LAN. The packet is forwarded to a specific local host if the port number matches that 
defined in the table. 



Each item will be explained as follows: 
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Item 

Description 

Add 

Add a new port redirect profile. 

Edit 

Modify the selected profile. 

To edit a profile, simply select the one you want to modify 
and click the Edit button. The edit window will appear for 
you to modify the corresponding settings for the selected 
rule. 

Delete 

Remove the selected profile. 

To delete a profile, simply select the one you want to delete 
and click the Delete button. 

Refresh 

Renew current web page. 

Rename 

Allow to modify the selected profile name. 

Profile -)(x 

Profile : PR_1 

Rename as : PR_TEST 

H Apply Q Cancel 

Before using such function, there is one profile existed at 
least. 

Profile 

Display the name of the profile. 

Enable The Profile 

Display the status of the profile. False means disabled; True 
means enabled. 

Public IP 

Display the interface used for such profile. 

Use IP Alias 

Display if IP Alias is enabled or not. 

IP Alias 

Display the selected WAN IP address. 

Private IP 

Display the private IP used for this entry. 

Protocol 

Display the protocol used for the entry. 

Port Redirection Mode 

Display the setting mode for port redirection. 

Public Port Start 

Display the starting number of the public port. 

Public Port End 

Display the ending number of the public port. 

Private Port 

Display the number of the private port. 


How to add a new Port Redirection profile 

1. Open NAT» Port Redirection. 

2. Simply click the Add button. 
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NAT » Port Redirection 


Port Redirection 


>£ Edit O Deists- Rsfrsah 


Profile Enable Th Public IP Use IP AN-Alias 


Add 


3. The following dialog will appear. 


Port Redirection 




Profile : 

0 Enable This Profile 
Public IP : 

Use IP Alias : 

Private IP : 

Protocol : 

Port Redirection Mode 
Public Port Start: 
Private Port : 


PR 1 


All 


No 


132 


rCPAJDP 


One-to-One 


S3 


33 



168 


1 


56 


must have value 


H Apply Q Cancel 


Available parameters are listed as follows: 


Item 

Description 

Profile 

Type the name of the profile. 

Enable This Profile 

Check the box to enable this profile. 

Public IP 

Specify the WAN interface for such profile. 




Public IP : 

All 

V 




All 





wanl 





'ivan2 



Use IP Alias 

Use the drop down menu 

to specify which type of IP Alias 


you want. 
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Use IP Alias : 

All 

V 

No 

Single_Alias 


All 


Single_Alias - You have to type one IP address used for IP 
Alias. 



All - All the IP address can be treated as IP Alias. 

Alias 

Type WAN IP address (es). 

Private IP 

Specify the private IP address of the internal host providing 
the service. Simply type the private IP used for this entry. 

Protocol 

Choose the protocol used for the entry. 


TCP 

1 v 

TCP 


UDP 


TCP/UDP 



Port Redirection Use the drop down menu to specify which mode you want to 
Mode use. 


Port Redirection Mode : 


Range-to-Ons 

V 

One-tD-One 


Rangs-to-Ons 


Rangs-to-Rangs 



Public Port Start/ 
Public Port End 

Type the starting/ending number of the public port. 

Private Port 

Type a port number for such profile. 

Apply 

Click it to save and exit the dialog. 

Cancel 

Click it to exit the dialog without saving anything. 


4. Enter all the settings and click Apply. 

5. A new profile has been added onto Port Redirection table. 

NAT » Port Redirection 


Port Redirection 


© 

Add >£ Edit 

HD Detete 0 Rsfrsah 

Rename 


Profile 

Enable Th Public IP Use IP AN. Alias 

Private IP Protocol 

PortRedii Public Poi Public F 

PR_1 

true All 

All 

192.16S.... TCP/UDP 

Qne-to-O... £0 
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4.3.2 DMZ Host 


In computer networks, a DMZ (De-Militarized Zone) is a computer host or small network 
inserted as a neutral zone between a company’s private network and the outside public 
network. It prevents outside users from getting direct access to company network. A DMZ is 
an optional and more secure approach to a firewall and effectively acts as a proxy server as 
well. In a typical DMZ configuration for a small company, a separate computer (or host in 
network terms) receives requests from users within the private network for access to Web 
sites or other companies accessible on the public network. The DMZ host then initializes 
sessions for these requests on the public networks. However, the DMZ host is not able to 
initiate a session back into the private network. It can only forward packets that have already 
been requested. Users of the public network outside the company can access only the DMZ 
host. The DMZ may typically also have the company’s Web pages so these could be 
served to the outside world. If an outside user penetrated the DMZ host’s security, only the 
Web pages will be corrupted but other company information would not be exposed. 

DmyTtek ~jk 


Auto Logout : | Off j v 

Quick Start Wizard 
Online Status 


WAN 

LAN 


Port Redirection 


DMZ Host 


Address Mapping 
SIP ALG 


Firewall 

Objects Setting 

User Management 

Applications 

VPN and Remote Access 

Certificate Management 

SSL VPN 

Bandwidth Management 
System Maintenance 
Diagnostics 


External Devices 
Product Registration 


Each item will be explained as follows: 


Item 

Description 

Add 

Add a new DMZ host profile. 

Edit 

Modify the selected profile. 

To edit a profile, simply select the one you want to modify 
and click the Edit button. The edit window will appear for 
you to modify the corresponding settings for the selected 
rule. 

Delete 

Remove the selected profile. 

To delete a profile, simply select the one you want to delete 
and click the Delete button. 

Refresh 

Renew current web page. 

Rename 

Allow to modify the selected profile name. 


VigOr2960 Series 13:52:47 Login: Admin £> 


NAT » DMZ Host 
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Profile 

Enable The Profile 


WAN Profile 


Private IP 
Use IP Alias 


IP Alias 


Before using such function, there is one profile existed at 
least. 

Display the name of the profile. 

Display the status of the profile. False means disabled; True 
means enabled. 

Display the WAN profile that such DMZ host profile will be 
applied to. 

Display the private IP used for this entry. 

Display the using status (enabled or disabled) for WAN IP 
alias. 

Display the selected WAN IP address. 


How to add a new DMZ Host profile 

1. Open NAT» DMZ Host. 

2. Simply click the Add button. 


HAT » DMZ Host 



3. The following dialog will appear. 


DrayTek 


96 


Vigor2960 Series User’s Guide 




























Available parameters are listed as follows: 


Item 

Description 

Profile 

Type the name of the profile. 

Enable This Profile 

Check the box to enable the DMZ Host profile. 

WAN Profile 

Choose a WAN profile for such entry. 

Private IP 

Type the private IP used for this entry. 

Use IP Alias 

Click Enable to invoke IP Alias function. 

IP Alias 

IP alias that can be selected and used for port redirection. 
Before using it, please go to WAN»General Setup and 
enable the wanl profile. Add several IP addresses under 

Static mode for wanl. 

Apply 

Click it to save and exit the dialog. 

Cancel 

Click it to exit the dialog without saving anything. 


4. Enter all the settings and click Apply. 

5. A new profile has been added onto DMZ Host table. 

HAT » DMZ Host 


DMZ Host 


Q Add Edit [jjj Delete 

O Refresh 

Rename 


Profile Enable This Profik 

WAH Profile 

Private IP 

Use IP Alia 

DMZ _1 _RD true 

wanl 

192.168.1.101 

Disable 
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4.3.3 Address Mapping 

This page is used to map specific private IP to specific WAN IP alias. 

If you have ”a group of IP Addresses” and want to apply to the router, please use WAN IP 
alias function to record these IPs first. Then, use address mapping function to map specific 
private IP to specific WAN IP alias. 

For example, you have IP addresses ranging from 86.123.123.1 ~ 86.123.123.8. However, 
your router uses 86.123.123.1, and the rest of the IPs are recorded in WAN IP alias. You 
want that private IP 192.168.1.10 can use 86.123.123.2 as source IP when it sends packet out 
to Internet. You can use address mapping function to achieve this demand. Simply type 
192.168.1.10 as the Private IP; and type 86.123.123.2 as the WAN IP. 



Each item will be explained as follows: 


Item 

Description 

Add 

Add a new DMZ host profile. 

Edit 

Modify the selected profile. 

To edit a profile, simply select the one you want to modify 
and click the Edit button. The edit window will appear for 
you to modify the corresponding settings for the selected 
rule. 

Delete 

Remove the selected profile. 

To delete a profile, simply select the one you want to delete 
and click the Delete button. 

Refresh 

Renew current web page. 

Rename 

Allow to modify the selected profile name. Before using 
such function, there is one profile existed at least. 

Profile 

Display the name of the profile. 

Enable The Profile 

Display the status of the profile. False means disabled; True 
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means enabled. 

WAN Profile 

Display the WAN profile that such address mapping profile 
will be applied to. 

Private IP 

Display the private IP used for this entry. 

Private IP Subnet Mask 

Display the subnet mask used for this entry. 

Protocol 

Display the protocol used for the entry. 

Use IP Alias 

Display the using status (enabled or disabled) for WAN IP 
alias. 

IP Alias 

Display the selected WAN IP address. 


How to add a new Address Mapping profile 


1. Open NAT» Address Mapping. 

2. Simply click the Add button. 

NAT :>:> Address Mapping 


Address Mapping 


GJj Add Edit |jj| Delete tfi Refresh 


Profile Enable This P WAN Profile Private IP 

No item 


3. The following dialog will appear. 



Available parameters are listed as follows: 


Item 

Description 

Profile 

Type the name of the profile. 
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Enable This Profile 

WAN Profile 

Private IP 

Private IP subnet 
Mask 

Protocol 


Check the box to enable the Address Mapping profile. 
Choose a WAN profile for such entry. 

Type the private IP used for this entry. 

Type the subnet mask used for this entry. 


Choose the protocol used for the entry. 


All 

TOP 

UDP 

TCP/UDP 


All 


Use IP Alias 
IP Alias 


Apply 

Cancel 


Click Enable to invoke IP Alias function. 

IP alias that can be selected and used for port redirection. 
Before using it, please go to WAN»General Setup and 
enable the wanl profile. Add several IP addresses under 
Static mode for wanl. 

Click it to save and exit the dialog. 

Click it to exit the dialog without saving anything. 


4. Enter all the settings and click Apply. 

5. A new profile has been added onto Address Mapping table. 

HAT » Address Mapping 


Addi ess Mapping 


^ Add 

Edit 

jj Delete ***■ Refresh Rename 

Profile 

Enable This P WAN Profile Private IP Private IP sul: Protocol 

ADD_M_1 

true 

wanl 192.168.1.99 255.255.255.0 All 
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4.3.4 SIP ALG 


SIP ALG means Session Initiation Protocol, Application Layer Gateway. This page 
allows you to choose LAN and WAN profiles to make SIP message and RTP packets of 
voice being transmitting and receiving correctly via NAT by Vigor router. 



Available parameters are listed as follows: 


Item 

Description 

Enable This Profile 

Check the box to enable the Mirror function for the switch. 

LAN Interface 

Choose one of the LAN profiles. 

WAN Interface 

Choose one of the WAN profiles. 

Apply 

Click it to save the settings. 

Cancel 

Click it to discard the settings configured in this page. 


4,4 Firewall 

The firewall controls the allowance and denial of packets through the router. The 
Firewall Setup in the Vigor2960 Series mainly consists of packet filtering, Denial of 
Service (DoS) and URL (Universal Resource Locator) content filtering facilities. These 
firewall filters help to protect your local network against attack from outsiders. A firewall 
also provides a way of restricting users on the local network from accessing inappropriate 
Internet content and can filter out specific packets, which may trigger unexpected outgoing 
connection such as a Trojan. 

The following sections will explain how to configure the Firewall. Users can select IP Filter, 
DoS Defense, MAC Block and Port Block options from Firewall menu. The DoS Defense 
facility can detect and mitigate the DoS attacks. 
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Firewall 


Filter Setup 
DoS Defense 
MAC Block 


4.4.1 Filter Setup 

Vigor firewall will filter the packets based on the settings, including IP Filter, Application 
Filter and URL Filter configured under Firewall»Filter Setup. These filters will group 
certain objects (e.g., IP Object, Service Object, Keyword Object, File Extension Object, IM 
Object, P2P Object, P2P Object, Protocol Object, Web Category Object, Time Object, and 
etc.) and form a powerful firewall to protect your computer. 



IP Filter 

This page allows you to create new IP filter rule(s) and group them for your request. The 
upper part displays the information of IP Filter Group(s); the lower part displays the 
information of IP Filter Rule(s). 

You should create at least one IP filter rule and one group profile. The following will explain 
IP Filter functions with details. 
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Firewall» Filtei Setup »IP Filter 


1 

IP Filter Application Filter URL Filter 


IP Filtei Rule Gi eup 

Add X Edit jjjj Delete Refresh yj Rename 

Group Enable This Profile Comment 


No items to show. 

M' 1 -1 V 



IP Filtei Rules of Selected Group 

ly Add X Edit tfE Delete s/' Refresh y5 Rename Profile Number Limit : 12 

Rule Enable This Time Profile Source IP Destination 1 Seivice Typ< Action Next Group Syslog 


No items to show. 




Each item will be explained as follows: 


Item 

Description 

IP Filter Rule Group 

Add 

Add a new group profile for IP filter. 

Edit 

Modify the selected profile. 

To edit a profile, simply select the one you want to modify 
and click the Edit button. The edit window will appear for 
you to modify the corresponding settings for the selected 
rule. 

Delete 

Remove the selected profile. 

To delete a rule, simply select the one you want to delete and 
click the Delete button. 

Refresh 

Renew current web page. 

Rename 

Allow to modify the selected profile name. 

Group 

Display the name of the IP filter group profile. 

Enable The Profile 

Display the status of the profile. False means disabled; True 
means enabled. 

Comment 

Display the description for such profile. 


IP Filter Rule Group of Selected Group 


Add 

Add a new IP filter rule profile. Before you create an IP filter 
rule, you have to create an IP filter group first. Otherwise, 
you are not allowed to add any IP filter rule here. 

Edit 

Modify the selected profile. 
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Item 

Description 


To edit a profile, simply select the one you want to modify 
and click the Edit button. The edit window will appear for 
you to modify the corresponding settings for the selected 
rule. 

Delete 

Remove the selected profile. 

To delete a rule, simply select the one you want to delete and 
click the Delete button. 

Refresh 

Renew current web page. 

Rename 

Allow to modify the selected profile name. 

Rule 

Display the name of the IP filter rule. 

Enable The Profile 

Display the status of the profile. False means disabled; True 
means enabled. 

Time Profile 

If no time schedule is set, None will be shown in this field. 

Source IP 

Display the source IP object profile selected for each rule. 

Destination IP 

Display the destination IP object profile selected for each 
rule. 

Service Type 

Display the service type object profile selected for each rule. 

Action 

Display the action (pass or block) of such rule will use. 

Next Group 

Display the name for next group selected. If no group is 
chosen, None will be shown instead. 

Syslog 

Display the status (enable or disable) of the Syslog function. 


How to create an IP Filter group 

To build an IP group containing IP filter rules, please follow the steps: 

1. Open Firewall»Filter Setup and click the IP Filter tab. 

2. Simply click the Add button. 

Firewall » Filter Setup » IP Filter 

IP Filter Application Filter URL Filter 


IP Filter Rule Group 


Q Add Edit 

(J) Delete <**■ Refresh ■L.jJ Re 

Group 

Enable This Profile 
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3. 


The following dialog will appear. 



Available parameters are listed as follows: 


Item 

Description 

Group 

Type the name of the IP filter group. 

Enable This Profile 

Check the box to enable this profile. 

Comment 

Give a brief description for the profile. 

Apply 

Click it to save and exit the dialog. 

Cancel 

Click it to exit the dialog without saving anything. 


4. Enter all the settings and click Apply. 

5. A new filter group has been added onto Address Mapping table. 


Firewall » Filter Setup » IP Filter 

IP Filter Application Filter URL Filter 



6. Choose the IP filter group first and then click the Add tab (the lower one in this page). 
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Firewall » Filter Setup » IP Filter 


IP Filter Application Filter URL Filter 


IP Filter Rule Group 

[fj! Add 

A Edit 

(H| Delete O Refresh 

...jj Rename 


Group 


Enable This Profile 

Comment 

IPF_Marketing 


true 


used for Ml 


c 


ill 





IP Filter Rules of Selected Group 

£ Edit ||[ Delete ^ Refresh Rename Profile Number Limrt 

Rule Enable This Time Profit Source IP Destination Service Typ Action 

No items to show. 

7. The following page for configuration will appear. 



Available parameters are listed as follows: 


^ Add 
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Item 

Description 

Rule 

Type the name of the IP filter rule. 

Enable This Profile 

Check the box to enable this profile. 

Time Profile 

Choose a schedule profile to be applied on such rule. 

You can click 0 to create another new time object profile. 

Source IP 

Choose one or more IP object profiles from the drop down 
list. The selected profile will be treated as source IP. 

You can click Kj to create another new IP object profile. 

Destination IP 

Choose one or more IP object profiles from the drop down 
list. The selected profile will be treated as destination IP. 

You can click Kj to create another new IP object profile. 

Service Type 

Choose one or more service type object profiles from the 
drop down list. The selected profile will be treated as service 
type. 

You can click Kj to create another new service type object 
profile. 

Input Interface 

Choose one of the LAN or WAN profiles as data receiving 
interface. 

Output Interface 

Choose one of the LAN or WAN profiles as data 
transmitting interface. 

Fragments 

Specify the action for fragmented packets. 

do_not_care v | 

do_not_care 

fragment 

unfragment 

do_not_care -No action will be taken towards fragmented 
packets. 

unfragment - Apply the rule to unfragmented packets, 
fragment - Apply the rule to fragmented packets. 

Action 

The action to be taken when packets match the rule. 

Block - Packets matching the rule will be dropped 
immediately 

Pass - Packets matching the rule will be passed immediately. 
Block_If_No_Further_Match - A packet matching the rule, 
and that does not match further rules, will be dropped. 
Pass_If_No_Further_Match - A packet matching the rule, 
and that does not match further rules, will be passed through. 

Syslog 

Click Enable to make the history of firewall actions 
appearing on the System Maintenance » Syslog/Mail 

Alert» Syslog File. 
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System Maintenance » Sysloy Mail Aleit» Sysley File 




Syslog Access Setup Syslog File Mail Alert 



Apply 

Click it to save and exit the dialog. 

Cancel 

Click it to exit the dialog without saving anything. 


8. Enter all the settings and click Apply. 

9. A new IP filter rule has been added onto IP Filter Rules of Selected Group table. 

Group Enable This Profile Comment 

IPF_Marketing true used for MKT Dept 


j i 1 _Til_! bj 


IP Filter Rules of Selected Group 






Q Add 

>£ Edit HQ Delete 

if) Refresh 

Rename Profile Number Li mil 

t : 12 



Rule 

Enable This Time Profile 

Source IP 

Destination 1 Service Typ* Action 

Next Group 

Syslog 


RuleJ 

true None 

Any 

Any Any Pass 

None 

Disable 



Note: You can create multiple IP filter groups. Each IP Filter Rules of Selected 
Group belongs to an IP Filter Rule Group. Click an IP Filter Rule Group to 

show its members in the lower display window. 
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Application Filter 

Application Filter can integrate several application objects within one profile for restricting 
the usage of application. For example, it can block people defined in IP object profile not 
using IM application, not using P2P for file sharing, and not downloading files via certain 
protocol. 



Each item will be explained as follows: 


Item 

Description 

Add 

Add a new group profile for Application filter. 

Edit 

Modify the selected profile. 

To edit a profile, simply select the one you want to modify 
and click the Edit button. The edit window will appear for 
you to modify the corresponding settings for the selected 
rule. 

Delete 

Remove the selected profile. 

To delete a rule, simply select the one you want to delete and 
click the Delete button. 

Refresh 

Renew current web page. 

Rename 

Allow to modify the selected profile name. 

Profile 

Display the name of the application filter profile. 

Enable The Profile 

Display the status of the profile. False means disabled; True 
means enabled. 

Time Profile 

If no time schedule is set, None will be shown in this field. 

Source IP 

Display the source IP object profile selected for such group. 

Exception IP 

Display the IP object profile which will not be filtered by the 
router for such group. 
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Item 

Description 

IM Block 

Display the IM object profile selected for such application 
profile. 

P2P Block 

Display the P2P object profile selected for such application 
profile. 

Protocol Block 

Display the protocol object profile selected for such 
application profile. 


How to create an Application Filter profile 

1. Open Firewall»Filter Setup and click the Application Filter tab. 

2. Simply click the Add button. 

Firewall » Filler Setup » Application Filter 

IP Filter Application Filtei URL Filter 

X Edit jjjj Delete 0 Refresh 1,^ Rename 

Profile Enable This Pi < Time Profile Source IP Exception IP 

No items to show. 


[T^ Add 


3. The following dialog will appear. 

Profile - |_x 



DrayTek 


110 


Vigor2960 Series User’s Guide 














































Available parameters are listed as follows: 


Item 

Description 

Profile 

Type the name of the Application filter profile. 

Enable This Profile 

Check the box to enable this profile. 

Time Profile 

Choose a schedule profile to be applied on such rule. 

You can click Ky to create another new time object profile. 

Source IP 

Choose one or more IP object profiles from the drop down 
list. The selected profile will be treated as source IP. 

You can click 0 to create another new IP object profile. 

Exception IP 

Choose one or more IP object profiles from the drop down 
list. The selected profile will be treated as exception IP 
which will not be filtered by the router for such group. 

You can click 0 to create another new IP object profile. 

IM Block 

Choose one or more IM object profiles from the drop down 
list which will not be allowed to pass through the router. 

You can click to create another new IM object profile. 

P2P Block 

Choose one or more P2P object profiles from the drop down 
list which will not be allowed to pass through the router. 

You can click Kj to create another new P2P object profile. 

Protocol Block 

Choose one or more Protocol object profiles from the drop 
down list which will not be allowed to pass through the 
router. 

You can click 0 to create another new protocol object 
profile. 

Apply 

Click it to save and exit the dialog. 

Cancel 

Click it to exit the dialog without saving anything. 


4. Enter all the settings and click Apply. 

5. A new Application filter profile has been added. 


Firewall » Filter Setri|> » Application Filter 


IP Filter Application Filter URL Filter 



Ej Add Edit [Qj Delete ^ Refresh Rename 

Profile Enable This Pn Time Profile 

Source IP Exception IP IM Block 

NOJM true None 

Any None None 
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URL Filter 


URL Filter can integrate URL, Keyword, File extension and WCF object profiles within one 
profile for restricting certain people accessing into Internet. 



Each item will be explained as follows: 


Item 

Description 

Add 

Add a new group profile for URL filter. 

Edit 

Modify the selected profile. 

To edit a profile, simply select the one you want to modify 
and click the Edit button. The edit window will appear for 
you to modify the corresponding settings for the selected 
rule. 

Delete 

Remove the selected profile. 

To delete a rule, simply select the one you want to delete and 
click the Delete button. 

Refresh 

Renew current web page. 

Rename 

Allow to modify the selected profile name. 

Profile 

Display the name of the application filter profile. 

Enable The Profile 

Display the status of the profile. False means disabled; True 
means enabled. 

Time Profile 

If no time schedule is set, None will be shown in this field. 

Source IP 

Display the source IP object profile selected for each rule. 

Keyword Pass 

Display the keyword object profile selected for each rule 
which is allowed to pass through the router. 
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Item 

Description 

Keyword Block 

Display the keyword object profile selected for each rule 
which is not allowed to pass through the router. 

File Extension Block 

Display the file extension object profile selected for each 
rule which is not allowed to pass through the router. 

Web Category Block 

Display the web category object profile selected for each 
rule which is not allowed to pass through the router. 

Web Category 
Administration Message 

The message will display on the user's browser when he/she 
tries to access the blocked web page. 

Apply 

Click it to save the configuration. 

Cancel 

Click it to discard the settings configured in this page. 


How to create a URL Filter profile 

1. Open Firewall»Filter Setup and click the URL Filter tab. 

2. Simply click the Add button. 



IP Filter 

Application Filter URL Filter 




Add 

Edit ||]| Delete O Refresh 

C& Renarr 

Profile 

Enable This P Time Profile Source IP 

Keywoid 

AP, 

_F_Rule1 

true None Any 

None 


3. The following dialog will appear. 
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Available parameters are listed as follows: 


Item 

Description 

Profile 

Type the name of the URL filter profile. 

Enable This Profile 

Check the box to enable this profile. 

Time Profile 

Choose a schedule profile to be applied on such rule. 

You can click Kj to create another new time object profile. 

Source IP 

Choose one or more IP object profiles from the drop down 
list. The selected profile will be treated as source IP. 

You can click Kj to create another new IP object profile. 

Keyword Pass 

Choose one or more keyword object profiles from the drop 
down list which will be allowed to pass through the router. 

You can click 0 to create another new keyword object 
profile. 

Keyword Block 

Choose one or more keyword object profiles from the drop 
down list which will not be allowed to pass through the 
router. 

You can click 0 to create another new keyword object 
profile. 

File Extension 

Block 

Choose one or more P2P object profiles from the drop down 
list which will not be allowed to pass through the router. 

You can click ^ to create another new file extension 
object profile. 
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Item 

Description 

Web Category 

Block 

Choose one or more WCF object profiles from the drop 
down list which will not be allowed to pass through the 
router. 


You can click 0 to create another new WCF object 
profile. 

Apply 

Click it to save and exit the dialog. 

Cancel 

Click it to exit the dialog without saving anything. 


4. Enter all the settings and click Apply. 

5. A new URL filter profile has been added. 

Firewall ;» Filter Setup URL Filter 

IP Filter Application Filter URL Filter 

O Add Edit OD Delete 0 Refresh Rename 

Profile Enable This P Time Profile Source IP Keyword Pas Keyword Bloc File Extensior Wel> Cateyoiy 


AP_F_Rule1 

true 

None 

Any 

None 

None 

None 

None 

KeyworcM 

true 

None 

Any 

None 

None 

None 

None 
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4.4.2 DoS Defense 


The DoS function helps to detect and mitigates DoS attacks. These include flooding-type 
attacks and vulnerability attacks. Flooding-type attacks attempt to use up all your system's 
resources while vulnerability attacks try to paralyze the system by offending the 
vulnerabilities of the protocol or operation system. 



The DoS Defense Engine inspects each incoming packet against the attack signature 
database. Any packet that may paralyze the host in the security zone is blocked. The DoS 
Defense Engine also monitors traffic behavior. Any anomalous situation violating the DoS 
configuration is reported and the attack is mitigated. 


Available parameters are listed as follows: 


Item 

Description 

Enable This Profile 

Check the box to enable this profile. 

Block SYN Flood 

Click Enable to activate the SYN flood defense function. 

If the amount of TCP SYN packets from the Internet exceeds 
the user-defined threshold value, the router will be forced to 
randomly discard the subsequent TCP SYN packets within 
the user-defined timeout period. 

SYN Flood Threshold 

The default setting for threshold is 300 packets per second. 

SYN Flood Timeout 

The default setting for timeout is 10 seconds. 

Block ICMP Flood 

Click Enable to activate the ICMP flood defense function. 

If the amount of ICMP echo requests from the Internet 
exceeds the user-defined threshold value, the router will 
discard the subsequent echo requests within the user-defined 
timeout period. 

ICMP Flood Threshold 

The default setting for threshold is 300 packets per second. 

ICMP Flood Timeout 

The default setting for timeout is 10 seconds. 

Block UDP Flood 

Click Enable to activate the UDP flood defense function. 
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Item 

Description 

If the amount of UDP packets from the Internet exceeds the 
user-defined threshold value, the router will be forced to 
randomly discard the subsequent UDP packets within the 
user-defined timeout period. 

UDP Flood Threshold 

The default setting for threshold is 300 packets per second. 

UDP Flood Timeout 

The default setting for timeout is 10 seconds. 

Block Port Scan 

Click Enable to activate the Port Scan detection function. 

Port scan sends packets with different port numbers to find 
available services, which respond. The router will identify it 
and report a warning message if the port scanning rate in 
packets per second exceeds the user-defined threshold value. 

Port Scan Threshold 

The default threshold is 300 pps (packets per second). 

Block IP Options 

Click Enable to activate the Block IP options function. The 
router will ignore any IP packets with IP option field 
appearing in the datagram header. 

Block Land 

Click Enable to activate the Block Land function. A Land 
attack occurs when an attacker sends spoofed SYN packets 
with identical source address, destination addresses and port 
number as those of the victim. 

Block SMURF 

Click Enable to activate the Block Smurf function. The 
router will reject any ICMP echo request destined for the 
broadcast address. 

Block Trace Route 

Click Enable to activate the Block Trace Route function. 

Block SYN Fragment 

Click Enable to activate the Block SYN fragment function. 
Any packets having the SYN flag and fragmented bit sets 
will be dropped. 

Block Fraggle 

Click Enable to activate the Block fraggle Attack function. 
Any broadcast UDP packets received from the Internet are 
blocked. 

Block Tear Drop 

Click Enable to activate the Block Tear Drop function. This 
attack involves the perpetrator sending overlapping packets 
to the target hosts so that target host will hang once they 
re-construct the packets. The routers will block any packets 
resembling this attacking activity. 

Block Ping of Death 

Click Enable to activate the Block Ping of Death function. 
Many machines may crash when receiving an ICMP 
datagram that exceeds the maximum length. The router will 
block any fragmented ICMP packets with a length greater 
than 1024 octets. 

Block ICMP Fragment 

Click Enable to activate the Block ICMP fragment function. 
Any ICMP packets with fragmented bit sets are dropped. 

Block Unknown 

Protocol 

Click Enable to activate the Block Unknown Protocol 
function. The router will block any packets with unknown 
protocol types. 
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Item 

Description 

Apply 

Click it to save the configuration. 

Cancel 

Click it to discard the settings configured in this page. 


4.4.3 MAC Block 

MAC Block allows you to set lots of proprietary MAC Address. Packets will be dropped if 
the source or destination MAC Address of packets is matched with these assigned MAC 
Addresses. The advantage of MAC Block is that it can filter some unnecessary packets or 
attacking packets on LAN network. 



Each item will be explained as follows: 


Item 

Description 

Add 

Add a new profile. 

Edit 

Modify the selected profile. 

To edit a profile, simply select the one you want to modify 
and click the Edit button. The edit window will appear for 
you to modify the corresponding settings for the selected 
rule. 

Delete 

Remove the selected profile. 

To delete a rule, simply select the one you want to delete and 
click the Delete button. 

Refresh 

Renew current web page. 

Rename 

Allow to modify the selected profile name. 

Profile 

Display the name of the profile. 

Enable The Profile 

Display the status of the profile. False means disabled; True 
means enabled. 


DrayTek 


118 


Vigor2960 Series User’s Guide 























































Item 

Description 

MAC Address 

Display the MAC address for such profile. 


How to create a new MAC Block profile 

1. Open Firewall»MAC Block. 

2. Simply click the Add button. 

Firewall» MAC Bloch 



3. The following dialog will appear. 



Available parameters are listed as follows: 


Item 

Description 

Profile 

Type the name which can briefly describe the reason of the 
MAC block of such profile. 

Enable This Profile 

Check the box to enable this profile. 

MAC Address 

Type the MAC address which will be blocked by the system 
for such profile. 

Apply 

Click it to save and exit the dialog. 

Cancel 

Click it to exit the dialog without saving anything. 


4. Enter all the settings and click Apply. 
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5. 


A new MAC Block profile has been created. 


Firewall» MAC Block 


MAC Block 


|£$ Add 

>£ Edit u Delete 

ifi Refresh Rename 

Profile 

Enable This Profile 

MEM 


true 


4.5 Objects Setting 

Vigor2960 allows users to set different filter profiles based on IP, service type, keyword, file 
extension, instant message application, P2P application, protocol application, web category 
and time setting. These objects setting profiles can be applied in Firewall. 


Objects Setting 


IP Object 
IP Group 

Seivice Type Object 
Seivice Type Group 
Keyword Object 
Keyword Group 
File Extension Object 
IM Object 
P2P Object 
Protocol Object 
Web Category Object 
Time Object 
Time Group 
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4.5.1 IP Object 

For IPs in a limited range usually will be applied in configuring router’s settings, we can 
define them with objects and bind them with groups for using conveniently. Later, we can 
select that object/group that can apply it. For example, all the IPs in the same department can 
be defined with an IP object (a range of IP address). 

This page allows you to specify certain IP address, range of IP addresses or subnet mask as 
an object which will be applied in Firewall. 



Each item will be explained as follows: 


Item 

Description 

Add 

Add a new profile. 

Edit 

Modify the selected profile. 

To edit a profile, simply select the one you want to modify 
and click the Edit button. The edit window will appear for 
you to modify the corresponding settings for the selected 
rule. 

Delete 

Remove the selected profile. 

To delete a rule, simply select the one you want to delete and 
click the Delete button. 

Refresh 

Renew current web page. 

Profile Number Limit 

Display the total number (256) of the object profiles to be 
created. 

Profile 

Display the name of the profile. 

Interface 

Display the interface of the IP Object. 

Address Type 

Display the address type (single, range or subnet) for such 
profile. 

Start IP Address 

Display the IP address of the starting point for such profile. 
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Item 

Description 

End IP Address 

Display the IP address of the ending point for such profile. 

It will be joint with Start IP Address only when you choose 
Range as the Address Type. 

Subnet Mask 

Display the subnet mask for such profile. 


How to create a new IP Object profile 


1. Open Objects Setting»IP Object. 

2. Simply click the Add button. 

objects benmy IP uitjeci 


IP Object 


Add 

Profile 


Edit (10 Delete Refresh 

Interface Address Type Stall IP Addres 

No items to show. 


3. The following dialog will appear. 



Available parameters are listed as follows: 


Item 

Description 

Profile 

Type the name of such profile. 

Interface 

i 

c 

t] 

)etermine the category (a 
object. If an IP object is s< 
be field of Source IP on 

Source v 

my, source or destination) of this IP 
et to Source, it will only appear in 

Firewall»IP Filter Rule. 

Any 

Source 

Destination 
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Item 

Description 

Address Type 

C 

F 

Choose the address type (Single / Range /Subnet) for such 
irofile. 

Range v 

Single 

Range 

Subnet 

Start IP Address 

Type the IP address of the starting point for such profile. 

End IP Address 

Type the IP address of the ending point for such profile if 
you choose Range as Address Type. 

Subnet Mask 

Use the drop down list to choose the subnet mask for such 
profile if you choose Subnet as Address Type. 

Apply 

Click it to save and exit the dialog. 

Cancel 

Click it to exit the dialog without saving anything. 


4. Enter all the settings and click Apply. 

5. A new IP object profile has been created. 

Objects Setting »IP Object 
IP Object 

Add Edit |f] | Delete Refresh 

Profile Interface Address Type Start IP Addl es End IP Address Subnet Mask 

IP_object_1 Source Subnet 1 92.1 68.1.78 255.255.255.0 

CRM_server Destination Single 172.16.1.1 
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4.5.2 IP Group 

To manage conveniently, several IP object profiles can be grouped under a group. Different 
IP group can contain different IP object profiles. 



Each item will be explained as follows: 


Item 

Description 

Add 

Add a new profile. 

Edit 

Modify the selected profile. 

To edit a profile, simply select the one you want to modify 
and click the Edit button. The edit window will appear for 
you to modify the corresponding settings for the selected 
rule. 

Delete 

Remove the selected profile. 

To delete a rule, simply select the one you want to delete and 
click the Delete button. 

Refresh 

Renew current web page. 

Profile Number Limit 

Display the total number (32) of the object profiles to be 
created. 

Group Name 

Display the name of the object group. 

Interface 

Display the interface of the object group. 

Description 

Display the description for such profile. 

Objects 

Display the object profiles grouped under such group. 


How to create a new IP Group profile 

1. Open Objects Setting»IP Group. 

2. Simply click the Add button. 
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Objects Setting » IP Group 



3. The following dialog will appear. 



Available parameters are listed as follows: 


Item 

Description 

Group Name 

Type the name of the object group. The number of the 
characters allowed to be typed here is 20. 

Interface 

i 

c 

t] 

)etermine the category (any, source or destination) of this IP 
ibject. If an IP object is set to Source, it will only appear in 
be field of Source IP on Firewall»IP Filter Rule. 

Source v 

Any 

Source 

Destination 

Description 

Make a brief explanation for such profile if the group name 
is set not clearly. 

Objects 

Use the drop down list to check the IP object profiles under 
such group. 

All the available IP objects that you have added on Objects 
Setting»IP Object will be seen here. 

Apply 

Click it to save the configuration. 

Cancel 

Click it to exit the dialog without saving anything. 


4. Enter all the settings and click Apply. 
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5. A new IP Group profile has been created. 


IP Group 



4.5.3 Service Type Object 

TCP and UDP service with specified port range can be saved with different service type 
object profiles. Later, it can be applied to Firewall as a filter rule. 


In default, common used service type object profiles have been created in this page. 


DrayTek 


Vigor2960 Series 


Login: Admin 


Auto Logout : Off 


NAT 

Firewall 
Objects Setting 


IP Object 


Service Type Object 


Service Type Group 


Keyword Object 


Keyword Group 


File Extension Object 


Web Category Object 


Time Group 


User Management 

Applications 

VPN and Remote Access 

Certificate Management 

SSL VPN 

Bandwidth Management 


Objects Setting » Service Type Object 


Service Type Object 


(£} Add 

>£ Edit (fi) Delete 

Refresh 



Profile Number Limit : 

96 

Profile 

Protocol 

Source Port Start 

Source Port End 

Destination Port Si Destination Port En 


AUTH 

TCP 

1 

65535 

113 

113 



BGP 

TCP 

1 

65535 

179 

179 



BOOTPCLENT 

UDP 

1 

65535 

68 

68 



BOOTPSERVER 

UDP 

1 

65535 

67 

67 



CU_SEEME_HI 

TCP/UDP 

1 

65535 

24032 

24032 



CU_SEEME_LO 

TCP/UDP 

1 

65535 

7648 

7648 

E 


DNS 

TCP/UDP 

1 

65535 

53 

53 



FINGER 

TCP 

1 

65535 

79 

79 



FTP 

TCP 

1 

65535 

20 

21 



H_323 

TCP 

1 

65535 

1720 

1720 



HTTP 

TCP 

1 

65535 

80 

80 



HTTPS 

TCP 

1 

65535 

443 

443 



IKE 

UDP 

1 

65535 

500 

500 



IRC 

TCP/UDP 

1 

65535 

6667 

6667 



L2TP 

UDP 

1 

65535 

1701 

1701 



NEWS 

TCP 

1 

65535 

144 

144 



NFS 

UDP 

1 

65535 

2049 

2049 



NNTP 

TCP 

1 

65535 

119 

119 

a 




Each item will be explained as follows: 


Item 

Description 

Add 

Add a new profile. 

Edit 

Modify the selected profile. 

To edit a profile, simply select the one you want to modify 
and click the Edit button. The edit window will appear for 
you to modify the corresponding settings for the selected 
rule. 

Delete 

Remove the selected profile. 

To delete a rule, simply select the one you want to delete and 
click the Delete button. 

Refresh 

Renew current web page. 

Profile Number Limit 

Display the total number (96) of the object profiles to be 
created. 

Profile 

Display the name of the service type object profile. 
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Item 

Description 

Protocol 

Display the protocol selected for such profile. 

Source Port Start 

Display the starting source port for such profile. 

Source Port End 

Display the ending source port for such profile. 

Destination Port Start 

Display the starting destination port for such profile. 

Destination Port End 

Display the ending destination port for such profile. 


How to create a new Service Type Object profile 

1. Open Objects Setting» Service Type Object. 

2. Simply click the Add button. 

Objects Setting » Service Type Object 



3. The following dialog will appear. 


C 


Available parameters are listed as follows: 


Item 

Description 

Profile 

Type a name for such profile. The number of the characters 
allowed to be typed here is 10. 

Protocol 

Specify one of the protocols for such profile. 

Source Port Start 

It is available for TCP/UDP protocol. It can be ignored for 
ICMP. 


Type a port number (0 - 65535) as the starting source port. 


Service Type Object 


0® 


Profile : Others 

Protocol : TCP 

Source Port Start : 1 

Source Port End : 65535 


Destination Port Start : 1 


Destination Port End : 65535 


H Q Cancel 


rrrrrr 
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Item 

Description 

Source Port End 

It is available for TCP/UDP protocol. It can be ignored for 
ICMP. Type a port number (0 - 65535) as the ending source 
port. 

Destination Port 

Start 

It is available for TCP/UDP protocol. It can be ignored for 
ICMP. 

Type a port number (0 - 65535) as the starting destination 
port. 

Destination Port 

End 

It is available for TCP/UDP protocol. It can be ignored for 
ICMP. Type a port number (0 - 65535) as the ending 
destination port. 

Apply 

Click it to save the configuration. 

Cancel 

Click it to exit the dialog without saving anything. 


4. Enter all the settings and click Apply. 

5. A new Service Type Object profile has been created. 


SYSLOG 

UDP 1 

65535 

514 

514 

TELNET 

TCP 1 

65535 

23 

23 

TFTP 

UDP 1 

65535 

69 

69 

Others 

TCP 1 

65535 

1 

65535 


h I _ ~ _Til_I |_v 


4.5.4 Service Type Group 

This page allows you to bind several service types into one group. 

To manage conveniently, several service type profiles can be grouped under a service type 
group. Different service type group can contain different service type profiles. 



Each item will be explained as follows: 
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Item 

Description 

Add 

Add a new profile. 

Edit 

Modify the selected profile. 

To edit a profile, simply select the one you want to modify 
and click the Edit button. The edit window will appear for 
you to modify the corresponding settings for the selected 
rule. 

Delete 

Remove the selected profile. 

To delete a rule, simply select the one you want to delete and 
click the Delete button. 

Refresh 

Renew current web page. 

Profile Number Limit 

Display the total number (32) of the object profiles to be 
created. 

Group Name 

Display the name of the service type group. 

Description 

Display the description for such profile. 

Objects 

Display the service type object profiles grouped under such 
group. 


How to create a new Service Type Group profile 

1. Open Objects Setting» Service Type Group. 

2. Simply click the Add button. 

Objects Setting » Service Type Group 

Service Type Group 

Edit [Jj Delete O Refr 

Group Hnnie Descripti 


3^ Add 


3. The following dialog will appear. 



Available parameters are listed as follows: 
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Item 

Description 

Group Name 

Type the name of the service type object group. The number 
of the characters allowed to be typed here is 20. 

Group Name 

Type the name of the service type object group. The number 
of the characters allowed to be typed here is 20. 

Objects 

Use the drop down list to check the service type object 
profiles under such group. 

All the available service type objects that you have added on 
Objects Setting»Service Type Object will be seen here. 

Apply 

Click it to save the configuration. 

Cancel 

Click it to exit the dialog without saving the configuration. 


4. Enter all the settings and click Apply. 

5. A new Service Type Group profile has been created. 


Objects Setting » Service Type Group 


Service Type Group 

SJj Add >£ Edit Q|J Delete 

Refresh 

Profile 

Group Name 

Description 

Objects 

Cross_Dept 

Used for departments 

AUTH 
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4.5.5 Keyword Object 

Keyword can be set as a filter rule to be applied in Firewall. Vigor2960 allows users to set 
keyword profile with several keywords. Even, it allows users to group several keyword 
profiles within a keyword group. 



Each item will be explained as follows: 


Item 

Description 

Add 

Add a new profile. 

Edit 

Modify the selected profile. 

To edit a profile, simply select the one you want to modify 
and click the Edit button. The edit window will appear for 
you to modify the corresponding settings for the selected 
rule. 

Delete 

Remove the selected profile. 

To delete a rule, simply select the one you want to delete and 
click the Delete button. 

Refresh 

Renew current web page. 

Profile Number Limit 

Display the total number (100) of the object profiles to be 
created. 

Profile 

Display the name of the keyword object profile. 

Member 

Display the words specified in such profile. 
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How to create a new Keyword Object profile 

1. Open Objects Setting» Keyword Object. 

2. Simply click the Add button. 

Objects Setting » Keyword Object 

Keyword Object 

Edit (J) Delete O Refresh 

Profile 


Add 


3. The following dialog will appear. 



Available parameters are listed as follows: 


Item 

Description 

Profile 

Type the name of the service type object group. The number 
of the characters allowed to be typed here is 10. 

Member 

Type the content for such profile. For example, type 
gambling as Contents. When you browse the webpage, the 
page with gambling information will be watched out and be 
passed/blocked based on the configuration on Firewall 
settings. 

Add - Type the word in the box of Member and click this 
button to add the new word as keyword object. 


Save - Click it to save the setting. 


J - click the icon to remove the selected entry. 

Apply 

Click it to save the configuration. 
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Item 

Description 

Cancel 

Click it to exit the dialog without saving the configuration. 


4. Enter all the settings and click Apply. 

5. A new Keyword Object profile has been created. 



Keyword Object 


4.5.6 Keyword Group 

To manage conveniently, several keyword profiles can be grouped under a keyword group. 
Different keyword group can contain different keyword profiles. 



Each item will be explained as follows: 


Item 

Description 

Add 

Add a new profile. 

Edit 

Modify the selected profile. 


To edit a profile, simply select the one you want to modify 
and click the Edit button. The edit window will appear for 
you to modify the corresponding settings for the selected 
rule. 

Delete 

Remove the selected profile. 


To delete a rule, simply select the one you want to delete and 
click the Delete button. 

Refresh 

Renew current web page. 
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Item 

Description 

Profile Number Limit 

Display the total number (16) of the object profiles to be 
created. 

Group Name 

Display the name of the service type group. 

Description 

Display the brief explanation for such profile. 

Objects 

Display the keyword object profiles grouped under such 
group. 


How to create a new Keyword Group Profile 

1. Open Objects Setting» Keyword Group. 

2. Simply click the Add button. 

Objects Setting » Keyword Group 


Keyword Group 



Add 

X Edit (2) Delete (**> Refresh 

Group Name 

Description 

Nc 


3. The following dialog will appear. 



Available parameters are listed as follows: 


Item 

Description 

Group Name 

Type the name of the service type object group. The number 
of the characters allowed to be typed here is 20. 

Description 

Make a brief explanation for such profile if the group name 
is set not clearly. 

Objects 

Use the drop down list to check the keyword object profiles 
under such group. 


All the available keyword objects that you have added on 

Objects Setting»Keyword Object will be seen here. 

Apply 

Click it to save the configuration. 
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Item 

Description 

Cancel 

Click it to exit the dialog without saving the configuration. 


4. Enter all the settings and click Apply. 

5. A new Keyword Group profile has been created. 


Objects Setting » Keywor d Gr oup 


Keyword Group 


Add >£ Edit 

(JJJ Delete Refresh 


Profi 

Group Name 

Description 

Objects 


KG_1 

first group 

KO_1 



4.5.7 File Extension Object 

This page allows you to set file extension profiles which will be applied in Firewall. All the 
files with the extension names specified in these profiles will be processed according to the 
chosen action. 



Each item will be explained as follows: 


Item 

Description 

Add 

Add a new profile. 

Edit 

Modify the selected profile. 


To edit a profile, simply select the one you want to modify 
and click the Edit button. The edit window will appear for 
you to modify the corresponding settings for the selected 
rule. 

Delete 

Remove the selected profile. 


To delete a rule, simply select the one you want to delete and 
click the Delete button. 


Vigor2960 Series User’s Guide 


135 


DrayTek 
































































Item 

Description 

Refresh 

Renew current web page. 

Profile Number Limit 

Display the total number (8) of the object profiles to be 
created. 

Profile 

Display the name of the profile. 

Image 

Display the selected file extension of image. 

Video 

Display the selected file extension of video. 

Audio 

Display the selected file extension of audio. 

Java 

Display the selected file extension of java. 

ActiveX 

Display the selected file extension of activeX. 

Compression 

Display the selected file extension of compression. 

Execution 

Display the selected file extension of execution. 


How to create a new File Extension Object Profile 

1. Open Objects Setting»File Extension Object. 

2. Simply click the Add button. 

Objects Setting » File Extension Object 

File Extension Object 

A Edit ||"]| Delete R 

Profile Image Video A< 


Q Add 


3. The following dialog will appear. 


rtUU 


tUIL 


i.»JjQlQTQ- 


ifcjL K«.irubn 


File Extension Object 




Profile : 
linage : 

Video : 

Audio : 

Java : 

ActiveX : 
Compression : 
Execution : 


File Ext 1 


.bmp, .dita 

V 

.mov, .mpe, .mpeg, .mi: 

V 

.au, .mp3, ,m4a 

V 

.class, jad 

V 

.alx, .apb, .axs 

V 

.ace 

V 

.exe, .inf, .pif 

V 


Apply 3 Cancel 
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Available parameters are listed as follows: 


Item 

Description 

Profile 

Type the name of the File Extension Object group. The 
number of the characters allowed to be typed here is 10. 

Image 

Several file extensions for Image offered for you to choose. 
Use the drop down list to check the box (es) to select the file 
extension you need. 

Video 

Several file extensions for Video offered for you to choose. 
Use the drop down list to check the box (es) to select the file 
extension you need. 

Audio 

Several file extensions for Audio offered for you to choose. 
Use the drop down list to check the box (es) to select the file 
extension you need. 

Java 

Several file extensions for Java offered for you to choose. 

Use the drop down list to check the box (es) to select the file 
extension you need. 

ActiveX 

Several file extensions for ActiveX offered for you to 
choose. Use the drop down list to check the box (es) to select 
the file extension you need. 

Compression 

Several file extensions for compression offered for you to 
choose. Use the drop down list to check the box (es) to select 
the file extension you need. 

Execution 

Several file extensions for execution offered for you to 
choose. Use the drop down list to check the box (es) to select 
the file extension you need. 

Apply 

Click it to save the configuration. 

Cancel 

Click it to exit the dialog without saving the configuration. 


4. Enter all the settings and click Apply. 

5. A new File Extension Object profile has been created. 


File Extension Object 


S Add 

A Edit 

QQ Delete if* Refresh 



Profile 

1 

Image 

—1-1-1 

Video Audio 

Java 

- i -!-' 

ActiveX Compression Execution 

File_ExM 

.bmp,.dib 

.mov 1 .mpe 1 .mFi .au,.mp3 1 .m4a 

class.jad 

.alx,.apb,.axs .ace .exe,.inf,.pif 
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4.5.8 IM Object 

People like to use Instant Message to communication with friends on line just for fun or just 
because it is easy and convenient. However, it might reduce the productivity of employees to 
a company. Therefore, a tool to block or limit the usage of IM application is important to a 
company. IM object setting lists all of the popular instant message application for you to 
choose to block. Choose the one(s) you want to block and save as an IM Object profile. Later, 
it can be applied to Firewall as a filter rule and reach the purpose of block. 



Each item will be explained as follows: 


Item 

Description 

Add 

Add a new profile. 

Edit 

Modify the selected profile. 

To edit a profile, simply select the one you want to modify 
and click the Edit button. The edit window will appear for 
you to modify the corresponding settings for the selected 
rule. 

Delete 

Remove the selected profile. 

To delete a rule, simply select the one you want to delete and 
click the Delete button. 

Refresh 

Renew current web page. 

Profile Number Limit 

Display the total number (32) of the object profiles to be 
created. 

Profile 

Display the name of the IM object profile. 

Member 

Display the IM application specified in such profile. 

WebIM 

Display the status of IM object whether including the 
specified set of web IM or not. 
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How to create a new IM Object Profile 

1. Open Objects Setting»IM Object. 

2. Simply click the Add button. 

Objects Setting »IM Object 


IM Object 



10 Add 

Edit OH Delete Re 


Profile Menibei 


3. The following dialog will appear. 


IM Object I - x 


Profile : 

IM_1 


Memhei : 

MSN, QQ, iCQ, iCHAT 

V 


WebIM 

eMessenaer 

WebMSN 

Meebo* 


I 


messenaerAuictcis 

WebYahoolM 


H Apply Q Cancel 


Available parameters are listed as follows: 


Item 

Description 

Profile 

Type the name of the IM object group. The number of the 
characters allowed to be typed here is 10. 

Member 

Several IM applications offered for you to choose. Check the 
one(s) you want to add for such profile. 


Memhei : 


@ WebIM 

eMessenaer 

WebMSN 

Meebo* 

IMhaha* 


MSN 

1, QQ, iCQ, iCHAT v 

m 

MSN 

□ 

AIM 

□ 

Google-Talk 

□ 

Yahoo-Msg 

m 

QQ 

m 

iCQ 

m 

iCHAT 

□ 

SKYPE 
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Item 

Description 

WebIM 

It lists a package of IM application based on web page. You 
may check the box to include all of them. 

Apply 

Click it to save the configuration. 

Cancel 

Click it to exit the dialog without saving the configuration. 


4. Enter all the settings and click Apply. 

5. A new IM Object profile has been created. 


Objects Setting >> IM Object 


IM Object 


Add Edit DD Delete 0 Refresh 


Profile 

IM 1 


Member 

MSN.QQ.iCQ.iCHAT 


WebIM 

enable 
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4.5.9 P2P Object 

Vigor2960 can block P2P application for users, especially for the ones who always upload or 
download improper files to Internet. 

P2P object setting lists all of the point to point application for you to choose to block. 

Choose the one(s) you want to block and save as a P2P Object profile. Later, it can be 
applied to Firewall as a filter rule and reach the purpose of block. 



Each item will be explained as follows: 


Item 

Description 

Add 

Add a new profile. 

Edit 

Modify the selected profile. 

To edit a profile, simply select the one you want to modify 
and click the Edit button. The edit window will appear for 
you to modify the corresponding settings for the selected 
rule. 

Delete 

Remove the selected profile. 

To delete a rule, simply select the one you want to delete and 
click the Delete button. 

Refresh 

Renew current web page. 

Profile Number Limit 

Display the total number (32) of the object profiles to be 
created. 

Profile 

Display the name of the IM object profile. 

Member 

Display the P2P application specified in such profile. 
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How to create a new P2P Object Profile 


1. Open Objects Setting»P2P Object. 

2. Simply click the Add button. 

Objects Setting » P2P Object 


P2P Object 


Add Edit HO Delete 0 Refresh 


Profile 


No 


3. The following dialog will appear. 


P2P Object 

a® 

Profile : P2P_0bj_1 


Member : SoulSeek, eDonkey, Fa|~v~| 


H Apply Cancel 


Available parameters are listed as follows: 


Item 

Description 

Profile 

Type the name of the IM object group. The number of the 
characters allowed to be typed here is 10. 

Member 

Several P2P apj 
the one(s) you \ 

Member : 

dications offered for you 
vant to add for such prof 

SoulSeek, eDonkey, Fa v 

to choose. Check 
ile. 

I 

|7] SoulSeek 

2 eDonkey 

M FastTrack 

Gnutella 
□ BT 

OpenFT 

OpenNap 

C Xunlei 

Apply 

Click it to save the configuration. 

Cancel 

Click it to exit the dialog without saving the configuration. 


4. Enter all the settings and click Apply. 
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5. A new P2P Object profile has been created. 


Objects Setting » P2P Object 


P2P Object 




£3 Add >t Edit (fi| Delete O Refresh 


Profile 

Member 

P2P_0bj_1 

SoulSeek.eDonkey.FastTrack 


4.5.10 Protocol Object 

Network services, e.g., DNS, FTP, HTTP, POP3, for LAN users can be blocked by 
Vigor2960. Common services will be listed in this function and can be selected to be 
blocked by the router. 



Each item will be explained as follows: 


Item 

Description 

Add 

Add a new profile. 

Edit 

Modify the selected profile. 


To edit a profile, simply select the one you want to modify 
and click the Edit button. The edit window will appear for 
you to modify the corresponding settings for the selected 
rule. 

Delete 

Remove the selected profile. 


To delete a rule, simply select the one you want to delete and 
click the Delete button. 

Refresh 

Renew current web page. 
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Item 

Description 

Profile Number Limit 

Display the total number (32) of the object profiles to be 


created. 

Profile 

Display the name of the IM object profile. 

Member 

Display the protocol application specified in such profile. 


How to create a new Protocol Object Profile 


1. Open Objects Setting»Protocol Object. 

2. Simply click the Add button. 

Objects Setting » Protocol Object 


Protocol Object 


O Add 


A Edit 


Profile 


|[]| Delete 0 Refres 


3. The following dialog will appear. 



\m\ 

Available parameters are listed as follows: 


Item 

Description 

Profile 

Type the name of the protocol object profile. The number of 
the characters allowed to be typed here is 10. 
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Member 


Several protocols offered for you to choose. Check the one 
(s) you want to add for such profile. 



Protocol Objo< 


Profile 


Member 


u MSSQL 
MYSQL 
□ Oracle 
0 PostgreSQL 
0 Sybase 
0 DB2 
O Informix 
PostgreSQL, Sybase, L v" 



Apply 


Click it to save the configuration. 


Cancel 


Click it to exit the dialog without saving the configuration. 


4. Enter all the settings and click Apply. 

5. A new P2P Object profile has been created. 

Objects Setting » Protocol Object 
Protocol Object 

Add >£ Edit jjfj Delete 0 Refresh 

1 - 

Member 

PostgreSGL.Sybase.DBS 


Profile 

Proto_Obj_1 


4.5.11 Web Category Object 

We all know that the content on the Internet just like other types of media may be 
inappropriate sometimes. As a responsible parent or employer, you should protect those in 
your trust against the hazards. With web category filtering service of the Vigor router, you 
can protect your business from common primary threats, such as productivity, legal liability, 
network and security threats. For parents, you can protect your children from viewing adult 
websites or chat rooms. 

WCF adopts the mechanism developed and offered by certain service provider. No matter 
activating WCF feature or getting a new license for web content filter, you have to click 
Activate URL to satisfy your request. Note that service provider matching with Vigor router 
currently offers a period of time for trial version for users to experiment. If you want to 
purchase a formal edition, simply contact with your DrayTek dealer. 
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Note: Web Content Filter (WCF) is not a built-in service of Vigor router but a service 
powered by Commtouch. If you want to use such service (trial or formal edition), you 
have to perform the procedure of activation first. For the service of formal edition, 
please contact with your dealer/distributor for detailed information. 


Web Category Object 


Objects Setting » Web Category Object» Web Category Object 





Web Category Object Content Filter License 


B Add >£ Edit Delete 0 Refresh 


Profile Child Protectior Leisure Business Chatting Computer Other 


No items to show. 


a_«_i l> 





Each item will be explained as follows: 
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Item 

Description 

Add 

Add a new profile. 

Edit 

Modify the selected profile. 

To edit a profile, simply select the one you want to modify 
and click the Edit button. The edit window will appear for 
you to modify the corresponding settings for the selected 
rule. 

Delete 

Remove the selected profile. 

To delete a rule, simply select the one you want to delete and 
click the Delete button. 

Refresh 

Renew current web page. 

Profile Number Limit 

Display the total number (16) of the object profiles to be 
created. 

Profile 

Display the name of the object profile. 

Child Protection 

Display the items under certain category that you choose to 
block for protecting the children. 

Leisure 

Display the items under certain category that you choose to 
block. 

Business 

Display the items under certain category that you choose to 
block. 

Chatting 

Display the items under certain category that you choose to 
block. 

Computer 

Display the items under certain category that you choose to 
block. 

Other 

Display the items under certain category that you choose to 
block. 


How to create a new Web Category Object Profile 


1. Open Objects Setting» Web Category Object and click the Web Category Object 
tab. 

2. Simply click the Add button. 

Objects Setting » Web Categoiy Object >> Web Categoiy Object 


Web C ategoiy Object ContentFilterLicense 


O Add 

Profile 


Edit jjjj Delete O Refresh 

Child Pi otectioi Leisure Business Chatti 

No items to show. 


3. The following dialog will appear. 
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Available parameters are listed as follows: 


Item 

Description 

Profile 

Type the name of the web category object profile. The 
number of the characters allowed to be typed here is 10. 

Child Protection 

The web pages which are not suitable for children will be 
classified into different categories. Simply check the one(s) 
that you don’t want the children to visit. 

Child Protection : Alcohol-And-Tobacco, t v 


Leisure ■ Alcohol-And-Tobacco 

7 Criminal-And-Activity 

Business : 7 Gambling 

□ Hate-And-Intolerance 

Chatting : !□ Illegal-Drug 

Leisure 

Simply check the one(s) that you don’t want the user to visit. 

Business 

Simply check the one(s) that you don’t want the user to visit. 

Chatting 

Simply check the one(s) that you don’t want the user to use 
for gossip with remote people. 

Computer 

Simply check the one(s) that you don’t want the user to visit. 

Other 

Simply check the one(s) that you don’t want the user to visit. 

Apply 

Click it to save the configuration. 

Cancel 

Click it to exit the dialog without saving the configuration. 


4. Enter all the settings and click Apply. 


DrayTek 


148 


Vigor2960 Series User’s Guide 


































5. A new Web Category Object profile has been created. 
Objects Setting » Wel> Category Object» Web Category Object 


Web Category Object C o nte nt F i Ite r Li c e n s e 


gs Add 

it Edit HD Delete Refresh 



Profile 

Child Protectior Leisure 

Business Chatting 

Computer 

Othei 

WC0_1 

Alcohol-And-Tot Sports.Travel 

Web-Based-Em Chat 

Botnets.Hackinc News," 


Content Filter License 

Move your mouse to the link of Activate URL and click it. The system will guide you to 
access into MyVigor website. 



After finishing the activation for the trial version of WCF, remember to purchase “Silver 
Card” for WCF service from your DrayTek dealer or distributor. 
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4.5.12 Time Object 

You restrict Internet access to certain hours so that users can connect to the Internet only 
during certain hours, say, business hours. The schedule is also applicable to other functions, 
e.g., Firewall. 



Each item will be explained as follows: 


Item 

Description 

Add 

Add a new profile. 

Edit 

Modify the selected profile. 

To edit a profile, simply select the one you want to modify 
and click the Edit button. The edit window will appear for 
you to modify the corresponding settings for the selected 
rule. 

Delete 

Remove the selected profile. 

To delete a rule, simply select the one you want to delete and 
click the Delete button. 

Refresh 

Renew current web page. 

Profile Number Limit 

Display the total number (16) of the object profiles to be 
created. 

Profile 

Display the name of the time object profile. 

Frequency 

Display the duration (or period) of the time object profile. 

Start Date 

Display the starting date of the time object profile. 

Start Time 

Display the starting time of the time object profile. 

End Date 

Display the ending date of the time object profile. 

End Time 

Display the ending time of the time object profile. 
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Item 

Description 

Weekdays 

Display the frequency of such time object profile. 


How to create a new Time Object Profile 

1. Open Objects Setting» Time Object. 

2. Simply click the Add button. 


Objects Settiny » Time Object 


Time Object 








Add 

/£ Edit ||]| Delete i.*> Refre 


Profile 

Frequency Stmt Date 


r- 


3. The following dialog will appear. 


Time Object 



X 

■ 

Profile : 

Time0_1 


Frequency : 

Weekdays 

V 


Stall Date : 

2010-01-01 


Start Time : 

00:00:00 


End Date : 

2010-01-01 


End Time : 

23:00:00 


Weekdays : 

Mon, Tue, Wed 

V 


H Apply Cancel 



Available parameters are listed as follows: 


Item 

Description 

Profile 

Type the name of the time object profile. The number of the 
characters allowed to be typed here is 10. 

Frequency 

Specify how often (Weekdays or Once) the schedule will be 
applied. 

Start Date 

Specify the starting date of the time object profile. 

Start Time 

Specify the starting time of the time object profile. 

End Date 

Specify the ending date of the time object profile. 

End Time 

Specify the ending time of the time object profile. 
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Weekdays 


Specify which days in one week should perform the 
schedule. 


hi iii Time 


Weekdays : 


00 : 00:00 


Tue, Wed 


□ 

Mon 

m 

Tue 

m 

Wed 

□ 

Thu 

□ 

Fri 

□ 

Sat 

□ 

Sun 


Apply 


Click it to save the configuration. 


Cancel 


Click it to exit the dialog without saving the configuration. 


4. Enter all the settings and click Apply. 

5. A new Time Object profile has been created. 

Objects Setting >> Time Object 
Time Object 

Add >£ Edit jffi Delete C* Refresh 

Profile Frequency Stan Date Stan Time End Date End Time 

TimeOJ Weekdays 2010-01-01 00:00:00 2010-01-01 00:00:00 M 


4.5.13 Time Group 

This page allows you to group several time object profiles. 
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Each item will be explained as follows: 


Item 

Description 

Add 

Add a new profile. 

Edit 

Modify the selected profile. 

To edit a profile, simply select the one you want to modify 
and click the Edit button. The edit window will appear for 
you to modify the corresponding settings for the selected 
rule. 

Delete 

Remove the selected profile. 

To delete a rule, simply select the one you want to delete and 
click the Delete button. 

Refresh 

Renew current web page. 

Profile Number Limit 

Display the total number (8) of the object profiles to be 
created. 

Group Name 

Display the name of the group. 

Description 

Display the brief explanation for such group. 

Objects 

Display the time objects selected by such group. 


How to create a new Time Group Profile 

1. Open Objects Setting» Time Group. 

2. Simply click the Add button. 


Objects Setting » Time Gi oup 


Time Group 








^ Add 

Edit 

HQ Delete Refresh 

Group Name 

Description 


No items 


3. The following dialog will appear. 
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Available parameters are listed as follows: 


Item 

Description 

Profile 

Type the name of the time group. The number of the 
characters allowed to be typed here is 10. 

Description 

Make a brief explanation for such profile if the group name 
is set not clearly. 

Objects 

Use the drop down list to check the time object profiles 
under such group. 

All the available time objects that you have added on 

Objects Setting»Time Object will be seen here. 

Objects : 

Time0_1 v 

|7] TimeOJ 


Apply 

Click it to save the configuration. 

Cancel 

Click it to exit the dialog without saving the configuration. 


4. Enter all the settings and click Apply. 

5. A new Web Category Object profile has been created. 

Objects Setting » Time Group 


Time Group 


££} Add >£ Edit 

|f]| Delete Refresh 


Group Name 

Description 

Objects 

TimeGrpJ 

For Market only 

TimeOJ 


4.6 User Management 

User Management can manage all the accounts (user profiles) to connect to Internet via 
different protocols. 


User Management 


General Setup 
User Profile 
User Group 
RADIUS 

LDAP. Active Directoiy 


4.6.1 General Setup 

General Setup can determine the standard (rule-based or user-based) for the users controlled 
by User Management. The mode (standard) selected here will influence the contents of the 
filter rule(s) applied to every user. 
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Available parameters will be explained as follows: 


Item 


Description 


Mode 


There are two modes offered here for you to choose. Each 
mode will bring different filtering effect to the users 
involved. 


User-Based - If you choose such mode, the router will apply 
the filter rules configured in User Management»User 
Profile to the users. 


Authentication Type 


Rule-Based -If you choose such mode, the router will apply 
the filter rules configured in Firewall»General Setup and 
Filter Rule to the users. 

Under User_Based mode, please specify the authentication 
type. 


Mo<le : 

User Based 

V 

Authentication Type : 

Local 

V 

White IP List : 

Local 

LDAP 


White IP List 


Under User_Based mode, use the drop down list to choose 
IP object and/or IP group profiles. 


Mode : 

Authentication Type : 
White IP List : 


User_Based 

V 

Local 

V 

none 

V j 

None 

□ IP_Group_1 


Apply 


Click it to save the configuration. 
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Item 

Description 

Cancel 

Click it to discard the settings configured in this page. 


User-Based Firewall Status 


The User-Based Firewall Status is a monitoring tool which only works after you choose 
User Based as the Mode setting on User Management»General Setup. 

User authentication setup will launch if the router is running in User_Based mode. The 
User-based Firewall Status will start to record each authentication event of specified users 
including authentication failure or success, user’s IP, when or how much time the user uses, 
and how much rest time for the user. 


User Management» General Setup » User-Based Firewall Status 


General Setup User-Based Firewall Status 


C* Refresh 


Auto Refresh: [lO Seconds vj 


— 

ip 

Allow Time 

Start Time 

End Time 

Rest Time 

Delete 


No items to show. 


Available parameters will be explained as follows: 


Item 


Description 


Refresh 


Renew current web page. 


Auto Refresh 


Specify the interval of refresh time to obtain the latest status. 
The information will update immediately when the Refresh 
button is clicked. 


10 Seconds 

v 

10 Seconds 


30 Seconds 

i 

1 Minute 


Disable 



User Name 


Display the name information for the user who logs into the 
WUI of Vigor2960. 
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Item 

Description 

IP 

Display the IP address of the user who logs into the WUI of 
Vigor2960. 

Allow Time 

Display the total network connection time allowed for the 
log-in user. 

Start Time 

Display the starting time of the network connection. 

End Time 

Display the ending time of the network connection. 

Rest Time 

Display the rest time for the wireless station to browse the 
Internet. 

Delete 

1 - It is available for the administrator to turn off a specific 
user’s connection immediately. 

tus 


onds v 

Start Time End Time Rest Time Remove 

201 1-1 0-20 1 6:07:55 201 1-1 0-21 00:07:55 07:59:32 fffl 
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4.6.2 User Profile 

This function allows to configure all accounts (user profiles) in Vigor2960, including 
PPTP/L2TP, System user, and so on. 



Each item will be explained as follows: 


Item 

Description 

Add 

Add a new profile. 

Edit 

Modify the selected profile. 

To edit a profile, simply select the one you want to modify 
and click the Edit button. The edit window will appear for 
you to modify the corresponding settings for the selected 
rule. 

Delete 

Remove the selected profile. 

To delete a rule, simply select the one you want to delete and 
click the Delete button. 

Refresh 

Renew current web page. 

Profile Number Limit 

Display the total number (200) of the object profiles to be 
created. 

Username 

Display the name of the user. 

Enable This Profile 

Display the status of the profile. False means disabled; True 
means enabled. 

System User 

Display the status of the System User. False means disabled; 
True means enabled. 

PPTP 

Display the status of PPTP/L2TP connection for such user 
profile. 

L2TP 

Display the LAN profile that such profile belongs to. 
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Item 

Description 

DHCP from 

Display the LAN profile that DHCP server used for 
assigning IP address(es). 

Static IP Address 

Display the IP address for such user profile which accesses 
Internet with PPTP/L2TP connection. 

Use mOTP 

Display if mOTP is activated (enable or disable) or not. 


How to create a new User Profile 

1. Open User Management»User Profile. 

2. Simply click the Add button. 

User Management» User Profile 
User Profile 

G Add A Edit (JO Delete & Refresh 
Username Enable This P System User PPTP 

No 

3. The following dialog will appear. 
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Available parameters are listed as follows: 


Item 

Description 

Username 

Type a name for such user profile (e.g., 

LAN_User_Group_l, WLAN User Group A, 

WLAN User Group_B, etc). When a user tries to access 
Internet through this router, an authentication step must be 
performed first. The user has to type the Username specified 
here to pass the authentication. When the user passes the 
authentication, he/she can access Internet via this router. 
However the accessing operation will be restricted with the 
conditions configured in this user profile. 

Enable This Profile 

Check this box to enable such profile. 
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Password 

Type a password for such profile (e.g., Iugl23, 
wugl23,wug456, etc). When a user tries to access Internet 
through this router, an authentication step must be performed 
first. The user has to type the password specified here to pass 
the authentication. When the user passes the authentication, 
he/she can access Internet via this router with the limitation 
configured in this user profile. 

Idle Timeout 

If the user is idle over the limitation of the timer, the 

network connection will be stopped for such user. By 

default, the Idle Timeout is set to 300 seconds. 

Usage Time (min) 

It means the maximum usage duration for the user. By 
default, the Usage Time is 480 minutes. 

System User 

Choose True to allow the user accessing into WUI of 
Vigor2960 via the username and password above. If you 
choose False, you can set SSL for such profile. 

Group 

Choose the level for such profile from the drop down list. 


User v 

User 

Operator 

Admin 

User - the user that accessing into the web configurator of 
Vigor2960 can see limited settings. 

Operator - the user that accessing into the web configurator 
of Vigor2960 can see most of the settings. 

Admin - the user that accessing into the web configurator of 
Vigor2960 can see all of the settings. Such level owns the 
highest authority. 

PPTP/L2TP 

Click Enable to make network connection through 

PPTP/L2TP protocol for users who access into Internet via 
such profile. 

DHCP from 

Choose a LAN profile for DHCP server. 

Static IP Address 

Type an IP address for such user profile which accesses 
Internet with PPTP/L2TP connection. 

Use mOTP 

Click Enable to make the authentication with mOTP 
function. 

mOTP PIN Code 

Type the code for authentication (e.g, 1234). 

mOTP secret 

Use the 32 digit-secret number generated by mOTP in the 
mobile phone (e.g., e759bb6f0e94c7ab4fe6). 

SSL Proxy 

It is available when System User is set with false. The web 
proxy over SSL will be applied for VPN. 

SSL Application 
(VNC) 

It is available when System User is set with false. Choose 
one of the SSL Application profiles (VNC) for applying into 
this profile. 
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SSL Application 
(RDP) 

It is available when System User is set with false. Choose 
one of the SSL Application profiles (RDP) for applying into 
this profile. 

Apply 

Click it to save the configuration. 

Cancel 

Click it to exit the dialog without saving the configuration. 


4. Enter all the settings and click Apply. 

5. A new User Profile has been created. 


User P,1anagement» User Profile 


User Profile 


© Add 

X Edit HQ Deists & Refresh 


Username 

Enable This P 

System User 

PPTP L2TP 

DHCP from 

Data_out 

true 

true 

Disable Disable 

ianl 
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4.6.3 User Group 

The User Group can consist of several user profiles, which help the administrator to manage 
a large number of users conveniently. 



Each item will be explained as follows: 


Item 

Description 

Add 

Add a new profile. 

Edit 

Modify the selected profile. 

To edit a profile, simply select the one you want to modify 
and click the Edit button. The edit window will appear for 
you to modify the corresponding settings for the selected 
rule. 

Delete 

Remove the selected profile. 

To delete a rule, simply select the one you want to delete and 
click the Delete button. 

Refresh 

Renew current web page. 

Profile Number Limit 

Display the total number (200) of the object profiles to be 
created. 

Usergroup 

Display the name of the user group. 

Enable This Profile 

Display the status of the profile. False means disabled; True 
means enabled. 

Member 

Display the user profiles under such group. 
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How to create a new User Group Profile 

1. Open User Management»User Group. 

2. Simply click the Add button. 


User Management» User Group 


User Group 



Add 

X Edit j|Q Delete t*' Refresh 


Usergroup Enable Tl lis Profile 

No items to show. 


3. The following dialog will appear. 


Usei Group 


- [x 

Useigioup : LAN_UGroup_1 



j Enable This Profile 



Member : Data_out 

■. □ 



H Apply O Cancel 


Available parameters are listed as follows: 


Item 

Description 

Usergroup 

Type the name of such profile. 

Enable This Profile 

Check this box to enable such profile. 

Member 

Use the drop down list to check the user profile(s) under 
such group. 

Apply 

Click it to save the configuration. 

Cancel 

Click it to exit the dialog without saving the configuration. 


4. Enter all the settings and click Apply. 

5. A new User Profile has been created. 

User Management » User Group 


User Group 


O Add Edit 

|[]| Delete Refresh 


Usergroup 

Enable This Profile 

Member 

U\N_UGroup_1 

true 

Data_out 
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4.6.4 RADIUS 


Remote Authentication Dial-In User Service (RADIUS) is a security authentication 
client/server protocol that supports authentication, authorization and accounting, which is 
widely used by Internet service providers. It is the most common method of authenticating 
and authorizing dial-up and tunneled network users. 

The built-in RADIUS client feature enables the router to assist the remote dial-in user or a 
wireless station and the RADIUS server in performing mutual authentication. It enables 
centralized remote access authentication for network management. 



Available parameters are listed as follows: 


Item 

Description 

Enable This Profile 

Check this box to enable such profile. 

Server IP Address 

Enter the IP address of RADIUS server. 

Destination Port 

The UDP port number that the RADIUS server is using. The 
default value is 1812, based on RFC 2138. 

Shared Secret 

The RADIUS server and client share a secret that is used to 
authenticate the messages sent between them. Both sides 
must be configured to use the same shared secret. 

Refresh 

Renew current web page. 

Apply 

Click it to save the configuration. 

Cancel 

Click it to discard the settings configured in this page. 
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4.6.5 LDAP/Active Directory 

Lightweight Directory Access Protocol (LDAP) is a communication protocol for using in 
TCP/IP network. It defines the methods to access distributing directory server by clients, 
work on directory and share the information in the directory by clients. The LDAP standard 
is established by the work team of Internet Engineering Task Force (IETF). 

As the name described, LDAP is designed as an effect way to access directory service 
without the complexity of other directory service protocols. For LDAP is defined to perform , 
inquire and modify the information within the directory, and acquire the data in the directory 
securely, therefore users can apply LDAP to search or list the directory object, inquire or 
manage the active directory. 



Available parameters are listed as follows: 


Item 

Description 

Enable This Profile 

Check this box to enable such profile. 

Server IP Address 

Enter the IP address of RADIUS server. 

Port 

It means the port on TCP for establishing an LDAP session 
between clients and LDAP server. The default value is 389. 

Base DN 

It means “Base Distinguished Name”. Type or edit the 
distinguished name used to look up entries on the LDAP 
server. 

Apply 

Click it to save the configuration. 

Cancel 

Click it to discard the settings configured in this page. 
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4,7 Application 

Below shows the menu items for Applications. 



4.7.1 Dynamic DNS 

The ISP often provides you with a dynamic IP address when you connect to the Internet via 
your ISP. It means that the public IP address assigned to your router changes each time you 
access the Internet. The Dynamic DNS feature lets you assign a domain name to a dynamic 
WAN IP address. It allows the router to update its online WAN IP address mappings on the 
specified Dynamic DNS server. Once the router is online, you will be able to use the 
registered domain name to access the router or internal virtual servers from the Internet. It is 
particularly helpful if you host a web server, FTP server, or other server behind the router. 



Before you use the Dynamic DNS feature, you have to apply for free DDNS service to the 
DDNS service providers. The router provides up to ten accounts from eight different DDNS 
service providers. Basically, Vigor routers are compatible with the DDNS services supplied 
by most popular DDNS service providers such as www.dyndns.org,www.no-ip.com, 
www.dtdns.com,www.changeip.com, www.dynamic-nameserver.com. You should visit 
their websites to register your own domain name for the router. 
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Status 

This page displays all the available DDNS profiles. 


Applications » Dynamic DNS » Status 


Status 


Setting 


i** Refresh Auto Refresh : 

10 Seconds 

V 


Profile 

Status 

Domain Name 



ddnsl 

Not Connected 

ddns2 

Not Connected 

ddns3 

Not Connected 

ddns4 

Not Connected 

ddnsS 

Not Connected 

ddns6 

Not Connected 

ddns7 

Not Connected 

ddnsS 

Not Connected 

ddns9 

Not Connected 

ddnslO 

Not Connected 


11 


E 


Each item will be explained as follows: 


Item 

Description 

Refresh 

Renew current web page. 

Auto Refresh 

Specify the interval of refresh time to obtain the latest status. 
The information will update immediately when the Refresh 
button is clicked. 

10 Seconds |v 

10 Seconds 

30 Seconds 

1 Minute 

Disable 

Profile 

Display the name of the DDNS. 

Status 

Display the connection status of the DDNS server. 

Domain Name 

Display the domain name for the DDNS server. 
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Setting 

This page allows you to configure DDNS server for your request. 


Applications » Dynamic DNS » Setting 


Status 

Setting 



Edit 

^ Refresh 





Profile 

Enable This Prof WAN Profile 

Routing Policy Service Providei 

■ Service Type 

Domain Name 

ddnsl 

false 

wanl 

dyndns 

Dynamic 


ddns2 

false 

want 

dyndns 

Dynamic 


ddns3 

false 

wanl 

dyndns 

Dynamic 


ddns4 

false 

wanl 

dyndns 

Dynamic 


ddnsS 

false 

wanl 

dyndns 

Dynamic 


ddnsS 

false 

wanl 

dyndns 

Dynamic 


ddnsT 

false 

wanl 

dyndns 

Dynamic 


ddns-S 

false 

wanl 

dyndns 

Dynamic 


ddnss 

false 

want 

dyndns 

Dynamic 


ddnsl0 

false 

wanl 

dyndns 

Dynamic 



Each item will be explained as follows: 


Item 

Description 

Edit 

Modify the selected profile. 

To edit a profile, simply select the one you want to modify 
and click the Edit button. The edit window will appear for 
you to modify the corresponding settings for the selected 
rule. 

Refresh 

Renew current web page. 

Profile 

Display the name of the profile. 

Enable This Profile 

Display the status of the profile. False means disabled; True 
means enabled. 

WAN Profile 

Display current WAN profile used by such DDNS profile. 

Routing Policy 

Display the routing policy used for such DDNS profile. 

Service Provider 

Display the name of service provider used by such profile. 

Service Type 

Display the type for such profile. 

Domain Name 

Display the domain name of such profile. 
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How to edit an existing DDNS Profile 

There are 10 sets of DDNS server offered for you to modify and configure. Please choose 
any one of them and click Edit to open the following page for modification. 

1. Open Applications»Dynamic DNS and click the Setting tab. 

2. Choose the one you want to edit and click the Edit button on the top. 


Setting 



- [X 

Profile : 

ddnsl 



[7 Enable This Profile 



WAN Profile : 

wanl 

V 


Routing Policy : 

selected_v;an_first 

V 


Service Provider : 

dyndns 

V 


Service Type : 

Dynamic 

V 


Domain Name: 



User Login Name 



Rassv/ord : 



Wild Card : 

0 Enable 0 Disable 



Backup MX : 

0 Enable 0 Disable 



P«1ail Extender : 


(Optional} 

El Apply ^ Cancel 


Available parameters are listed as follows: 


Item 

Description 

Profile 

Display the name of the profile. 

Enable This Profile 

Check this box to enable such profile. 

WAN Profile 

Choose a WAN profile that such profile will apply to. 

Routing Policy 

Ch 

Sel 

api 

Sel 

api 

oose the routing policy o 

ected wan first - Choc 
died by the selected WA 

ectedwanonly - Choc 
died by the selected WA 

3ebcted_'.van_first v 

f such profile. 

>se it to make such profile being 

N interface only first. 

>se it to make such profile being 

N interface only. 

setected_wan_first 
selected wan only 

Service Provider 

Select the service provider for the DDNS account. 
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Service Type 


Select a service type (Dynamic, Custom or Static). If you 
choose Custom, you can modify the domain that is chosen in 
the Domain Name field. 


Dynamic 

V 

Dynamic 


Static 


Custom 



Domain Name 


User Login Name 

Password 

Wildcard and 
Backup MX 


Mail Extender 

Apply 

Cancel 


Type in one domain name that you applied previously. Use 
the drop down list to choose the desired domain. 

Type in the login name that you set for applying domain. 

Type in the password that you set for applying domain. 

The Wildcard and Backup MX features are not supported for 
all Dynamic DNS providers. You could get more detailed 
information from their websites. 

Type the IP/Domain name of the mail server. 

Click it to save the configuration. 

Click it to exit the dialog without saving the configuration. 


3. Enter all the settings and click Apply. 

4. The DDNS Profile has been modified. 


Applications » Dynamic DNS » Setting 


Status Setting 


>£ Edit 

0 Refresh 





Profile 

Enable This Prof IVAN Profile 

Routing Policy 

Service Provider 

Service Type 

Domain Name 

ddnsl 

ddns2 

true want 

false wanl 

selected_vvan_fi... 

. dyndns 

dyndns 

Dynamic 

Dynamic 

192.16B.1.101 
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4.7.2 GVRP 


This function can define the method for the changing the VLAN information among devices. 
With supporting GVRP, the device can receive the VLAN information coming from other 
devices. 



Available parameters are listed as follows: 


Item 

Description 

Enable This Profile 

Check this box to enable GVRP function. 

Interface 

Choose a LAN or WAN profile. 

Join Time 

Define the time for the system to send GVRP packet to other 
device. The unit is second. 

Apply 

Click it to save the configuration. 

Cancel 

Click it to discard the settings configured in this page. 
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4.7.3 IGMP Proxy 

IGMP is the abbreviation of Internet Group Management Protocol. It is a communication 
protocol which is mainly used for managing the membership of Internet Protocol multicast 
groups. 



Available parameters are listed as follows: 


Item 

Description 

Enable This Profile 

Check this box to enable GVRP function. 

Interface 

Choose a channel for IGMP. 

Downstream 

Choose a profile for use while downloading data from 

Internet. 

Apply 

Click it to save the configuration. 

Cancel 

Click it to discard the settings configured in this page. 


4.7.4 UPnP 

The UPnP (Universal Plug and Play) protocol is supported to bring to network connected 
devices the ease of installation and configuration which is already available for directly 
connected PC peripherals with the existing Windows 'Plug and Play' system. For NAT 
routers, the major feature of UPnP on the router is “NAT Traversal”. This enables 
applications inside the firewall to automatically open the ports that they need to pass through 
a router. It is more reliable than requiring a router to work out by itself which ports need to 
be opened. Further, the user does not have to manually set up port mappings or a DMZ. 
UPnP is available on Windows XP and the router provide the associated support for MSN 
Messenger to allow full use of the voice, video and messaging features. 
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Available parameters are listed as follows: 


Item 

Description 

Enable This Profile 

Check this box to enable UPnP function. 

Download 

Enter the maximum sustained WAN download speed in 
kilobits/second. Such information can be requested by UPnP 
clients. 

Upload 

Enter the maximum sustained WAN upload speed in 
kilobits/second. Such information can be requested by UPnP 
clients. 

External Interface 

Select a WAN profile for UPnP protocol. 

Internal Interface 

Select a LAN profile for UPnP protocol. 

Max Session 

Determine the maximum session number for UPnP function. 

Apply 

Click it to save the configuration. 

Cancel 

Click it to discard the settings configured in this page. 


After enabling UPNP service setting, an icon of IP Broadband Connection on Router on 
Windows XP/Network Connections will appear. The connection status and control status will 
be able to be activated. The NAT Traversal of UPnP enables the multimedia features of your 
applications to operate. This has to manually set up port mappings or use other similar 
methods. The screenshots below show examples of this facility. 
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Addies-; C Network Connections 



Broadband 

1 Network Tasks 

[J~\ hinet 

MD \ Disconnected 

L_ WAN Miniport (PPPOE) 

r| Q Create a new connection 

^ Set up a home or small 
office network 


Dial-up 

See Also 

1 ^ Network Troubleshooter 

r3~l test 

IO. Disconnected 

XL. DrayTek ISDN PPP 



f~~ 

Internet Gateway 

Other Places * 

Q* Control Panel 

My Network Places 

Q My Documents 

My Computer 

^ \ IP Broadband Connection on 

^ J Router 

Enabled 

LAN or High-Speed Internet 


n Local Area Connection 

Vn Enabled 

Realtek RTL8 1 39/8 1 Ox Family . 

Details 1 

Network Connections 

System Folder 



The UPnP facility on the router enables UPnP aware applications such as MSN Messenger to 
discover what are behind a NAT router. The application will also learn the external IP 
address and configure port mappings on the router. Subsequently, such a facility forwards 
packets from the external ports of the router to the internal ports used by the application. 
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The UPnP function dynamically adds port mappings on behalf of some UPnP-aware 
applications. When the applications terminate abnormally, these mappings may not be 
removed. 


4.7.5 Wake on LAN 

A PC client on LAN can be woken up by the router it connects. When a user wants to wake 
up a specified PC through the router, he/she must type correct MAC address of the specified 
PC on this web page of Wake on LAN of this router. 

In addition, such PC must have installed a network card supporting WOL function. By the 
way, WOL function must be set as “Enable” on the BIOS setting. 



Available parameters are listed as follows: 


Item 

Description 

Wake by 

Two types provide for you to wake up the binded IP. If you 
choose Wake by MAC Address, you have to type the correct 
MAC address of the host in MAC Address boxes. If you 
choose Wake by IP Address, you have to choose the correct 

IP address. 

IP Address 

The IP addresses that have been configured in 

Firewall»Bind IP to MAC will be shown in this drop 
down list. Choose the IP address from the drop down list that 
you want to wake up. 

MAC Address 

Type any one of the MAC address of the binded PCs. 

Wake Up 

Click this button to wake up the selected IP. See the 
following figure. The result will be shown on the box. 

Delete 

Click this button to remove the result. 
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4.8 VPN and Remote Access 


A Virtual Private Network (VPN) is the extension of a private network that encompasses 
links across shared or public networks like the Internet. In short, by VPN technology, you 
can send data between two computers across a shared or public network in a manner that 
emulates the properties of a point-to-point private link. 

Below shows the menu items for VPN and Remote Access. 


VPN and Remote Access 


VPN Client Wizard 
VPN Server Wizard 
Remote Access Control 
PPP General Setup 
IPSec General Setup 
LAN to LAN 

VPN TRUNK Management 
Connection Management 


4.8.1 VPN Client Wizard 

Such wizard is used to configure VPN settings for VPN client. Such wizard will guide to set 
the LAN-to-LAN profile for VPN dial out connection (from server to client) step by step. 
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How to create LAN-to-LAN profile for VPN client (dial-out) 

1. Open VPN and Remote Access » VPN Client Wizard. 

2. The following dialog will appear. 



Available parameters are listed as follows: 


Item 

Description 

Type 

Specify which protocol (PPTP or IPSec) will be used for 
such VPN profile. 

VPN Settings Via 

Select From Current Settings - Current VPN LAN to LAN 
profiles will be listed below such setting. Choose the one 
you need. 


Create New VPN Profile - It allows you to create a new 

VPN LAN to LAN profile. Simply type the name in the field 
of Profile Name. The field of Profile Name is available only 
when you click this setting. 


DrayTek 


178 


Vigor2960 Series User’s Guide 


















3. Specify the type. Click Create New VPN Profile and type the name of the profile. 
Then, click Next. 



4. If you choose PPTP as the Type, you will get the following screen: 


VPN and Remote Access 



Available parameters are listed as follows: 


Item 

Description 

Profile 

Display the name of the VPN profile. 
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Enable This Profile 

Check this box to enable such profile. 

Always On 

Click Enable to make router always keeping connection. 

Server IP Address 

Type the IP address of PPTP server. 

PPTP User Name 

Type a user name for authentication in PPTP connection. 

PPTP Password 

Type a password for authentication in PPTP connection. 

Local IP/Subnet 
Mask 

Type the IP address and subnet mask of local host. 

Remote IP/Subnet 
Mask 

Type the LAN IP address and LAN subnet mask for the 
remote host. 


If you choose IPSec as the Type, you will get the following screen: 



Available parameters are listed as follows: 


Item 

Description 

Profile 

Display the name of the VPN profile. 

Enable This Profile 

Check this box to enable such profile. 

Auth Type 

The authentication to be used by Pre-Shared Key or RSA 
Signature. Choose PSK or RSA for such profile. 

Certificate 

Choose a local certificate from the drop down list. 

Preshared Key 

Type a pre-shared key for authentication if PSK is selected 
as Auth Type. 

Security Protocol 

Choose ESP to specify the IPSec protocol for the 
Encapsulating Security Payload protocol. The data will be 
encrypted and authenticated. Choose AH to specify the 

IPSec protocol for the Authentication Header protocol. The 
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data will be authenticated but not be encrypted. 

WAN Profile 

Choose a wan profile to be used by such profile. 

Local IP/Subnet 
Mask 

Type the IP address and subnet mask of local host. 

Local Next Hop 

Specify the gateway for WAN interface. Usually, use the 
default setting (leave it in blank). 

Remote Host 

Type the WAN IP address for the remote host. 

Remote IP / Subnet 
Mask 

Type the LAN IP address and LAN subnet mask for the 
remote host. 

More Remote 

Subnet 

Add more remote subnet in this field if required. 

Local GRE IP 

The virtual IP address of the router, specified for this tunnel. 

Remote GRE IP 

The virtual IP address of the remote client, specified for this 
tunnel. 


5. Fill in the required information on this page and click Finish. Later, a new profile has 
been created. 
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4.8.2 VPN Server Wizard 

Such wizard is used to configure VPN settings for VPN server. Such wizard will guide to set 
the LAN-to-LAN profile for VPN dial in connection (from client to server) step by step. 



How to create LAN-to-LAN profile for VPN server 

1. Open VPN and Remote Access » VPN Server Wizard. The following dialog will 
appear. 
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Available parameters are listed as follows: 


Item 

Description 

Type 

Specify which protocol (PPTP or IPSec) will be used for 
such VPN profile. 

VPN Settings Via 

Select From Current Settings - Current VPN LAN to LAN 
profiles will be listed below such setting. Choose the one 
you need. 

Create New VPN Profile - It allows you to create a new 

VPN LAN to LAN profile. Simply type the name in the field 
of Profile Name. The field of Profile Name is available only 
when you click this setting. 

Profile Name 

Type a new name for such profile. 

Next 

Go to next page. 

Cancel 

Cancel the configuration and return to the home page of such 
function. 


2. Fill in the required information on this page and click Next. If you choose IPSec as the 
Type, you will get the following screen: 



Available parameters are listed as follows 


Available parameters are listed as follows: 


Item 

Description 

Profile 

Display the name of such profile. 

Enable This Profile 

Check this box to enable such profile. 

Auth Type 

The authentication to be used by Pre-Shared Key or RSA 
Signature. Choose PSK or RSA for such profile. 
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Certificate 

Choose a local certificate from the drop down list. 

Presared Key 

Type a pre-shared key for authentication if PSK is selected 
as Auth Type. 

Security Protocol 

Choose ESP to specify the IPSec protocol for the 
Encapsulating Security Payload protocol. The data will be 
encrypted and authenticated. Choose AH to specify the 

IPSec protocol for the Authentication Header protocol. The 
data will be authenticated but not be encrypted. 

WAN Profile 

Choose a wan profile to be used by such profile. 

Local IP / Subnet 
Mask 

Type the IP address and subnet mask of local host. 

Local Next Hop 

Specify the gateway for WAN interface. Usually, use the 
default setting (leave it in blank). 

Remote Host 

Type the WAN IP address for the remote host. 

Remote IP/Subnet 
Mask 

Type the LAN IP address and LAN subnet mask for the 
remote host. 

More Remote 

Subnet 

Add more remote subnet in this field if required. 

Local GRE IP 

The virtual IP address of the router, specified for this tunnel. 

Remote GRE IP 

The virtual IP address of the remote client, specified for this 
tunnel. 

Previous 

Back to the previous page. 

Finish 

Save the configuration and return to the home page of such 
function. 

Cancel 

Cancel the configuration and return to the home page of such 
function. 


However, if you choose PPTP as the Type, then you will get the following screen: 
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VPN and Remote Access 


Available parameters are listed as follows: 


Item 


Description 


Enable This Profile 


Check this box to enable such profile. 


Authentication The router will authenticate the dial-in user with the protocol 

Protocol selected here. 


MS-CHAP-V2 

PAP 
CHAP 
MS-CHAP 
MS-CHAP-V2 


PAP - It means the router will attempt to authenticate dial-in 
users with the PAP protocol. 


MPPE Encryption 


CHAP - It means the router will attempt to authenticate 
dial-in users with the CHAP protocol. 

Specify one of the encryptions for such server. 


123-bit 

40/128-bit 

128-bit 


V 


Disable 


User Authentication 
Type 


Set user authentication to Local server or RADIUS server. 

Local v 

Local 

RADIUS 


LAN Profile 


Choose a LAN profile for PPTP Server if Local is selected 
as user authentication type. 
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3. Fill in the required information on this page and click Next to go to next page. 



Available parameters are listed as follows: 


Item 

Description 

Profile 

Display the name of the profile. 

Enable This Profile 

Check this box to enable such profile. 

PPTP User Name 

Type a user name for authentication in PPTP connection. 

Such profile shall be created in User Management»User 
Profile previously. Otherwise, there are no selections 
displayed here. 

Local IP / Subnet 
Mask 

Type the IP address and subnet mask of local host. 

Remote IP / Subnet 
Mask 

Type the LAN IP address and LAN subnet mask for the 
remote host. 
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5. Fill in the required information on this page and click Finish. Later, the new added 
VPN server profile will be displayed on the screen. 
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4.8.3 Remote Access Control 


Enable the necessary VPN service as you need. If you intend to run a VPN server inside your 
LAN, you should disable the VPN service (e.g., PPTP VPN, IPSec VPN, L2TP VPN, SSL 
VPN, etc.) of Vigor Router to allow VPN tunnel pass through. 



Available parameters are listed as follows: 


Item 

Description 

Enable PPTP VPN 

Service / L2TP VPN 
Service/DHCP over 

IPSec Service/L2TP 
over IPSec Service 

Check the box(es) to enable the service. 

Apply 

Click it to save the configuration. 

Cancel 

Click it to discard the settings configured in this page. 
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4.8.4 PPP General Setup 

Remote users can connect to the site, host, server and etc. via VPN connection built between 
the router and the users by authentication procedure. 

PPTP 

This page display current status for VPN tunnel built with PPTP protocol. 



Available parameters are listed as follows: 


Item 

Description 

Authenticate Protocol 

The router will authenticate the dial-in user with the protocol 
selected here. 



MS-CHAP-V2 

V 




PAP 

CHAP 

MS-CHAP 

MS-CHAP-V2 



PAP - It means the router will attempt to authenticate dial-in 
users with the PAP protocol. 


CHAP - It means the router will attempt to authenticate 
dial-in users with the CHAP protocol. 

MPPE Encryption 

Specify one of the encryptions for such server. It is available 
only when MS-CHAP or MS-CHAP_v2 is selected. 



120-bit 

V 




40/128-bit 

128-bit 

Disable 


User Authentication 

Type 

Set user authentication to Local server or RADIUS server. 
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Choose a LAN profile for PPTP Server if RADIUS is 
selected as user authentication type. 


LAN Profile 


Click it to save the configuration. 


Apply 


Click it to discard the settings configured in this page. 


Cancel 


L2TP 


This page display current status for VPN tunnel built with L2TP protocol. 



Available parameters are listed as follows: 


Item 


Description 


Authenticate Protocol 


The router will authenticate the dial-in user with the protocol 
selected here. 



PAP - It means the router will attempt to authenticate dial-in 
users with the PAP protocol. 


User Authentication 
Type 


CHAP - It means the router will attempt to authenticate 
dial-in users with the CHAP protocol. 

Set user authentication to Local server or RADIUS server. 
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LAN Profile 

Choose a LAN profile for L2TP Server if RADIUS is 
selected as user authentication type. 

Apply 

Click it to save the configuration. 

Cancel 

Click it to discard the settings configured in this page. 

4.8.5 IPSec General Setup 


The IPSec services can provide access control, connectionless integrity, data origin 
authentication, rejection of replayed packets that is a form of partial sequence integrity, and 
confidentiality by encryption. These objectives are met through the use of two traffic 
security protocols, the Authentication Header (AH) and the Encapsulating Security Payload 
(ESP), and through the use of cryptographic key management procedures and protocols. 



Available parameters are listed as follows: 


Item 

Description 

Preshared Key 

Specify a key for IKE authentication 

Confirm Pre-Shared Key- Retype the characters to confirm 
the pre-shared key. 

WAN Profile 

Choose the WAN interface profile(s) to be used. 

DHCP LAN Profile 

Choose one of the LAN profiles for VPN. 

IKE Port 

Type the UDP port number for Internet Key Exchange (IKE) 
traffic to the VPN server. 

NAT-T Port 

Type the UDP port number for IPSec network address 
translator traversal (NAT-T) traffic. 

IPSec MSS 

Type the port number for IPSec MSS. 

GRE over IPSec MSS 

Type the port number for GRE over IPSec MSS. 

Apply 

Click it to save the configuration. 

Cancel 

Click it to discard the settings configured in this page. 
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4.8.6 VPN Profiles 


Here you can manage LAN-to-LAN connections by maintaining a table of connection 
profiles. You may set parameters including specified connection direction (dial-in or 
dial-out), connection peer ID, connection type (VPN connection - including PPTP, IPSec 
Tunnel, and L2TP by itself or over IPSec) and corresponding security methods, etc. 

The router supports up to 200 VPN tunnels simultaneously. The following figure shows the 
summary table. 



Each item will be explained as follows: 


Item 

Description 

Add 

Add a new profile. 

Edit 

Modify the selected profile. 

To edit a profile, simply select the one you want to modify 
and click the Edit button. The edit window will appear for 
you to modify the corresponding settings for the selected 
profile. 

Delete 

Remove the selected profile. 

To delete a profile, simply select the one you want to delete 
and click the Delete button. 

Refresh 

Renew current web page. 

IPSec 

Display the LAN to LAN profile with IPSec policy. 

PPTP Dial-out 

Display the LAN to LAN profile with PPTP Dial-out policy. 

PPTP Dial-in 

Display the LAN to LAN profile with PPTP Dial-in policy. 

Profile 

Display the name of LAN to LAN profile. 

Enable This Profile 

Display the status of the profile. Lalse means disabled; True 
means enabled. 
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Local IP / Subnet Mask 

Display the LAN IP address with subnet mask of this profile. 

Remote IP / Subnet 

Mask 

Display the WAN IP address with subnet mask of this 
profile. 

More Remote Subnet 

Display other LAN IP addresses with subnet mask which can 
be used of this profile. 


How to create an IPSec VPN profile 

The IPSec services can provide access control, connectionless integrity, data origin 
authentication, rejection of replayed packets that is a form of partial sequence integrity, and 
confidentiality by encryption. These objectives are met through the use of two traffic 
security protocols, the Authentication Header (AH) and the Encapsulating Security Payload 
(ESP), and through the use of cryptographic key management procedures and protocols. 


1. Open VPN and Remote Access » VPN Profiles. 

2. Simply click the Add button. 


VPN and Remote Access » VPN Profiles 


VPN Profiles 

Add 

Profile 

VPN_CLI_1 


Xf Edit HQ Delate Refresh 

Enable This Profile Local 

true 152.16 


3. The following dialog will appear. Click the Basic tab to configure the settings. 
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Available parameters are listed as follows: 


Item 

Description 

Profile 

Type the name of the profile. 

Enable This Profile 

Check this box to enable this profile. 

Type 

There are three types offered here for you to choose. Please 
choose IPSec for this case. 

Basic 

Always On - Click Enable to make router always keeping 
connection. 

Auth Type - The authentication to be used by Pre-Shared 

Key or RSA Signature. Choose PSK or RSA for such 
profile. 

Preshared Key - Type a pre-shared key for authentication if 
PSK is selected as Auth Type. 

Security Protocol - Choose ESP to specify the IPSec 
protocol for the Encapsulating Security Payload protocol. 

The data will be encrypted and authenticated. Choose AH to 
specify the IPSec protocol for the Authentication Header 
protocol. The data will be authenticated but not be 
encrypted. 

WAN Profile- Choose a wan profile to be used by such 
profile. 

Local IP/Subnet Mask - Type the IP address and subnet 
mask of local host. 

Local Next Hop - Specify the gateway for WAN interface. 
Usually, use the default setting (leave it in blank). 

Remote Host - Type the WAN IP address for the remote 
host. 

Remote IP / Subnet Mask - Type the LAN IP address and 
LAN subnet mask for the remote host. 

More Remote Subnet - Add more remote subnet in this 
field if required. 

Apply 

Click it to save the configuration. 

Cancel 

Click it to exit the page without saving the configuration. 
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4. After filling the required information for Basic, click the Advanced tab to open the 
following page. 



Available parameters are listed as follows: 


Item 

Description 

Aggressive Mode 

Enable - Click it to enable Aggressive Mode. 

Disable - Click it to disable Aggressive Mode. 

Local Peer ID 

Type the ID for Vigor2960 which can be configured by the 
remote end. It is available for Aggressive Mode enabled 
only. 

Remote Peer ID 

Peer ID is on behalf of the IP address while identity 
authenticating with remote VPN server. The length of the ID 
is limited to 47 characters. It is available for Aggressive 

Mode enabled only. 

Phase 1 Key Life 
Time 

The rekey-renegotiated period of the IKE Phase 1 keying 
channel of a connection. The acceptable range is from 5 to 

480 minutes (8 hours). 

Phase 2 Key Life 
Time 

The rekey-renegotiated period of the IKE Phase 2 keying 
channel of a connection. The acceptable range is from 5 to 

480 minutes (8 hours). 

Perfect Forward 
Secrecy Status 

Enable the PFS function. A new Diffie-Hellman Key 

Exchange is included every time an encryption and/or 
authentication key are computed on PFS. 

Dead Peer 

Detection Status 

Enable or disable the DPD function. 

DPD Delay 

The keep-alive timer. A Hello message will be emitted 
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periodically when a tunnel is idle. Use the value 0 to disable 
this function. The recommended value is 30 seconds if 
enabled. 

DPD Timeout 

The timeout timer. The peer will be declared dead once no 
acknowledge message is received after timeout value. Use 
the value 0 to disable this function. The recommended value 
is 120 seconds. 

Apply 

Click it to save the configuration. 

Cancel 

Click it to exit the page without saving the configuration. 

After filling the required information for Advanced, click the GRE tab to open the 
following page. 

j IPSec 

ml 


5. 


Profile : L2L_1 

0 Enable This Profile 

Type : ® IPSec Q PPTP Dial-Out Q PPTP Dial-In 


Basic 


Advanced 


GRE 


Proposal 


PPTP 


Enable GRE Function : ® Enable 0 Disable 

192 


Local GRE IP: 

Remote GRE IP: 


163 


1 


46 


152 163 1 

Auto Generate GRE Key : ©Enable ©Disable 


cd 

ft 


Jim 


(Optional} 

(Optional} 


0 


H Apply Q Cancel 


Available parameters are listed as follows: 


Item 

Description 

Enable GRE 

Function 

Click Enable to enable such function. 

Local GRE IP 

The virtual IP address of the router, specified for this tunnel. 

Remote GRE IP 

The virtual IP address of the remote client, specified for this 
tunnel. 

Auto Generate 

GRE Key 

Click Enable to enable such function. 

If you click Disable, you have to type GRE In Key and 

GRE Out Key respectively. 

GRE In Key 

Type the hexadecimal number as GRE In Key. This value is 
used for the router to authenticate the source of the packet. 

The length is 4 bytes 
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GRE Out Key 

Type the hexadecimal number as GRE Out Key. This value 
is used for the remote client to authenticate the source of the 


packet. The length is 4 bytes. 

Apply 

Click it to save the configuration. 

Cancel 

Click it to exit the page without saving the configuration. 


6. After filling the required information for GRE, click the Proposal tab to open the 
following page. 



Available parameters are listed as follows: 


Item 

Description 

IKE Phasel 

Proposal (Dial-Out) 

Propose the local available authentication schemes and 
encryption algorithms to the VPN peers, and get its feedback 
to find a match. 

IKE Phasel 

Authentication 

(Dial-Out) 

Propose the local available algorithms to the VPN peers, and 
get its feedback to find a match. 

IKE Phase2 

Proposal (Dial-Out) 

Propose the local available authentication schemes and 
encryption algorithms to the VPN peers, and get its feedback 
to find a match. 

IKE Phase2 

Authentication 

(Dial-Out) 

Propose the local available algorithms to the VPN peers, and 
get its feedback to find a match. 

Accepted Proposal 
(Dial-In) 

For the dial-in VPN user, please specify the limitation of the 
proposal. 

acceptall - When the VPN tunnel is established, all the 
proposals supported by this device will be accepted and 
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applied. 


acceptabove - When the VPN tunnel is established, only the 
selected proposal will be accepted and applied by this 
device. 

Apply 

Click it to save the configuration. 

Cancel 

Click it to exit the page without saving configuration. 


7. Enter all the settings and click Apply. 

8. A new IPSec LAN-to-LAN profile has been created. 

VPN and Remote Access » VPN Profiles 

VPN Profiles 


IQ Add >£ Edit ifjj Delete 0 Refresh ® IPSec Q PPTP Dial-Out Q PPTP Dial-In Profile Number Limit : 200 



Profile 

Enable This Profile 

Local IP / Subnet Mask 

Remote IP / Subnet Mas 

More Remote Subnet 


VPN_CLI_1 

true 

192.165.1.0/24 

0.0.0.0/32 



L2L_1 

true 

132.165.1.0/24 

0.0.0.0/32 



How to create a PPTP Dial-Out VPN profile 

Below will guide you to create a PPTP dial-out profile for VPN connection: 

1. Open VPN and Remote Access » VPN Profiles. 

2. Simply click the Add button. 

VPN and Remote Access » VPN Profiles 
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3. The following dialog will appear. 



Available parameters are listed as follows: 


Item 

Description 

Profile 

Type the name of the profile. 

Enable This Profile 

Check this box to enable this profile. 

Type 

There are three types offered here for you to choose. Please 
choose PPTP Dial-Out for this case. 

PPTP 

Always On - Click Enable to make the profile being always 
on. 

Server IP Address - Type the IP address of PPTP server. 

PPTP User Name - Type a user name for authentication in 
PPTP connection. 

PPTP Password - Type a password for authentication in 

PPTP connection. 

Local IP/Subnet Mask - Type the IP address and subnet 
mask of local host. 

Remote IP / Subnet Mask - Type the LAN IP address and 
LAN subnet mask for the remote host. 

Apply 

Click it to save the configuration. 

Cancel 

Click it to exit the page without saving the configuration. 


4. Enter all the settings and click Apply. 
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5. A new PPTP Dial-Out VPN profile has been created. 

VPN and Remote Access » VPN Profiles 

VPN Profiles 

ft Add >£ Edit QD Delete Refresh ® IP Sec 

Profile Enable This Profile Local IP / Subne 

P^P_0ut_1 true 1 32.16-B.1.7B/24 


How to create a PPTP Dial-In VPN profile 

Below will guide you to create a PPTP dial-in profile for VPN connection: 

1. Open VPN and Remote Access » VPN Profiles. 

2. Simply click the Add button. 


VPN and Remote Access » VPN Profiles 


VPN Profiles 


ft Add >£ Edit mi Delete ^ Refresh- 


Profile 
I VPN CLI 1 


Enable This Profile 

true 


3. The following dialog will appear. 
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Available parameters are listed as follows: 


Item 

Profile 

Enable This Profile 
Type 


Set PPTP Dial-In 
For User Profile 


Description 

Display the name of the profile. 

Check this box to enable this profile. 

There are three types offered here for you to choose. Please 
choose PPTP Dial-In for this case. 

Click it to create a new user profile or to modify an existing 
profile. 


User Profile 


- [xj 

Add ^ Edit [Q] Delete O Refresh 


Profile Nur 

Username Enable Thi System Us Group PPTP 

L2TP 

DHCP frorr Static IP A. Use mOTP 


No items to show. 


PPTP User Name 


See the explanation later. 

Choose a PPTP user profile for authentication in PPTP 
connection. 

Such profile shall be created in User Management»User 
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Profile previously. You can click Set PPTP Dial-In For 

User Profile in this page to configure a new one for 
choosing. 

Local IP/Subnet 
Mask 

Type the IP address and subnet mask of local host. 

Remote IP / Subnet 

Type the LAN IP address and LAN subnet mask for the 

Mask 

remote host. 

Apply 

Click it to save the configuration. 

Cancel 

Click it to exit the page without saving the configuration. 


4. Enter all the settings and click Apply. 

5. A new PPTP Dial-In LAN-to-LAN profile has been created. 


VPN and Remote Access » LAN-to-LAN Profiles 


LAN-to-LAN Profiles 


Add >& Edit m Delete i^» Refresh O IPSec O pp TP Dial-Out ® PP 

Enable This Profile PPTP User Name Local IP / Subn 

false 0.0.0.0/24 


Profile 
VPN_Ser_1 
FTP In 1 


true 


O.O.Q.O/24 
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Set PPTP Dial-In For User Profile 


To set PPTP Dial-In connection, you have to create PPTP user profiles previously in User 
Management»User Profile, or click Set PPTP Dial-In For User Profile in this page to 
configure a new one for choosing for authentication in PPTP connection. 

Below shows the window of Set PPTP Dial-In For User Profile. For the configuration and 
detailed information, simply refer to 4.6.2 User Profile. 


User Profile 


- X 

Add X Edit 

HD Delete 0 Refresh 

Profile Nur 

Username Enable Thi 

System Us Group PPTP L2TP 

DHCPfrou Static IP Ai Use mQTP 

Nd items to show. 


i I in IK 
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4.8.7 VPN Trunk Management 

VPN Load Balance Mechanism can set multiple VPN tunnels for using as traffic load 
balance tunnel. It can assist users to do effective load sharing for multiple VPN tunnels 
according to real line bandwidth. Moreover, it offers three types of algorithms for load 
balancing and binding tunnel policy mechanism to let the administrator manage the network 
more flexibly. 

> Three types of load sharing algorithm offered, Round Robin, Weighted Round Robin 
and Fastest 

> Binding Tunnel Policy mechanism allows users to encrypt the data in transmission or 
specified service function in transmission and define specified VPN Tunnel for having 
effective bandwidth management 

> Dial-out connection types contain IPSec, PPTP, L2TP, L2TP over IPSec and GRE over 
IPSec 

> The web page is simple to understand and easy to configure 

The TCP Session transmitted by using VPN TRUNK-VPN Load Balance mechanism will 
not be lost due to one of VPN Tunnels disconnected. Users do not need to reconnect with 
setting TCP/UDP Service Port again. The VPN Load Balance function can keep the 
transmission for internal data on tunnel stably. 
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Load Balance Ryle 

To build VPN load balance connection with other router, you can define the load balance 
rule in this page. 


VPN and Remote Access » VPN TRUNK Management» Load Balance Rule 



L oa d Balance Ru 1 e Load B a la n ce Po o 1 



t£> Add Edit Bn Dsfete 0 Rsfrssh Pr ° file Number Limit : 12s 


Profile Enable This Protocol Source IP Source Mai Destinatior Destinatior Destinatior Destinatior Load Balanc 

Nd items to show. 





Each item will be explained as follows: 


Item 

Description 

Add 

Add a new profile. 

Edit 

Modify the selected profile. 

To edit a profile, simply select the one you want to modify 
and click the Edit button. The edit window will appear for 
you to modify the corresponding settings for the selected 
profile. 

Delete 

Remove the selected profile. 

To delete a profile, simply select the one you want to delete 
and click the Delete button. 

Refresh 

Renew current web page. 

Profile 

Display the name of the profile. 

Enable This Profile 

Display the status of the profile. False means disabled; True 
means enabled. 

Protocol 

Display the protocol configured by such profile. 

Source IP Address 

Display the source IP address specified for this profile. 

Source Mask 

Display the subnet mask address specified for the source IP 
of this entry. 
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Destination IP Address 

Display the destination IP address specified for this entry. 

Destination Mask 

Display the subnet mask address specified for the destination 
IP of this entry. 

Destination Port Start 

Display the start point specified in the Dest Port Range for 
this entry. 

Destination Port End 

Display the end point specified in the Dest Port Range for 
this entry. 

Load Balance Pool 

Display the load balance pool selected for such rule. 


How to add a Load Balance Rule profile 

1. Open VPN and Remote Access »VPN TRUNK Management and click the Load 
Balance Rule tab. 

2. Simply click the Add button. 


VPN and Remote Access » VPN TRUNK Maimyen 


Load Balance Rule Load Balance Pool 


Add Edit 


Delete R 


Profile Enable Tl Protocol Source IF Sourc 


No 


3. The following dialog will appear. 
: Load Balance Rule 




Profile : 

[7] Enable This Profile 
Protocol : 

Source IP Address : 
Source P.1 ask : 


IB rule 1 


TCP/UIDP 


192 


255.255.255.0 


D e sti n ati on I P A d d r e s s : 1 32 


Destination PJlask : 


255.255.255.0 


Destination Port Start : 200 

Destination Port End 
Load Balance Pool : 


300 


LB Pool 1 



163 


1 


46 


(Optional) 



163 


1 


39 


(Optional) 

(Optional) 

(Optional) 


H Apply 3 Cancel 
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Available parameters are listed as follows: 


Item 

Description 

Profile 

Type the name of the profile. 

Enable This Profile 

Check this box to enable such profile. 

Protocol 

Type the protocol configured by such profile. 

Source IP Address 

Type the source IP address specified for this profile. 

Source Mask 

Type the subnet mask address specified for the source IP. 

Destination IP 
Address 

Type the destination IP address specified for this entry. 

Destination Mask 

Type the subnet mask address specified for the destination 

IP. 

Destination Port 

Start 

Type the start point specified in the Dest Port Range. 

Destination Port 

End 

Type the end point specified in the Dest Port Range. 

Load Balance Pool 

Use the drop down list to choose one profile configured in 
load balance pool. Then, such rule will be applied by the 
pool. 

Apply 

Click it to save the configuration. 

Cancel 

Click it to exit the page without saving the configuration. 


4. Enter all the settings and click Apply. 

5. A new profile has been created. 

VPN ami Remote Access » VPN TRUNK Management» Load Balance Rule 

Load Balance Rule LoadBalancePool 


IS) Add >£ Edit QQ Delete Refresh 

Profile 

Enable Thi 

: Protocol 

Source IP, 

Source Ma 

Destinatioi 

Destinal 

LB_rule_1 

true 

TCP/UDP 

192.16S.1.- 

255.255. 2t 

1 92.1 68.1.: 

255.255. 
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Load Balance Pool 


This page allows the user to integrate several WAN profiles as a pool profile specified with 
the function of load balance or failover. 

VPN and Remote Access » VPN TRUNK Management» Load Balance Pool 
LoadBalanceRule Load Balance Pool 

Add >£ Edit [j| Delete 0 Refresh 
Profile Inteiface 

No items to show. 


T 1 in I B 

__ > 


Each item will be explained as follows: 


Item 

Description 

Add 

Add a new profile. 

Edit 

Modify the selected profile. 

To edit a profile, simply select the one you want to modify 
and click the Edit button. The edit window will appear for 
you to modify the corresponding settings for the selected 
profile. 

Delete 

Remove the selected profile. 

To delete a profile, simply select the one you want to delete 
and click the Delete button. 

Refresh 

Renew current web page. 

Profile 

Display the name of the profile. 

Interface 

Display the name of the Load Balance profile grouped under 
such pool profile. 


How to add a Load Balance Pool Profile 

1. Open VPN and Remote Access »VPN TRUNK Management and click the Load 
Balance Pool tab. 

2. Simply click the Add button. 
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VPN iii hi Remote Access VPN TRUNK Mai my ei net 


LoadBalanceRule Load Balai ic e Pool 

Add I >t Edit (Dj Delete O Refr 


Profile 


No 


3. The following dialog will appear. Type the name of the profile (e.g., LBPooll, 
within 10 characters including digit, letter, and underline) under the Mode tab. 

Load Balance Pool Q(x 

Mode Load Balance 

i 

Profile : LB_Pool_1 


H APPly Q Cancel 


4. Click the Load Balance tab to open the following dialog. 



If there is no selection for Interface option, please go to VPN and Remote 
Access»LAN to LAN to create a new IPSec LAN to LAN profile with enabled GRE 
setting. Then, return to this page to specify the Interface option. 
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5. Enter all the settings and click Apply. 

6. A new profile has been created. 

VRN til hi Remote Access ;>;> VPN IKUNft Iviaiitijjeineiit» Load Balance Pool 
LoadBalanceRule Load Balance Pool 

5} Add Edit Hi! Delete 0 Refresh 

Profile Interface 

LB_Pool_1 

Refer to Chapter 3, How to Configure VPN Load Balance between Vigor2960 and Other 
Router for getting more detailed information about Load Balance application. 

4.8.8 Connection Management 

You can find the summary table of all VPN connections. You may disconnect any VPN 
connection by clicking Disconnect button. 



Each item will be explained as follows: 


Item 

Description 

Profile 

This filed displays the profile configured in LAN-to-LAN 
(with Index number and VPN Server IP address). The VPN 
connection built by General Mode does not support VPN 
backup function. 

Connect 

Click this button to execute dial out function. 

IPSec 

Click it to perform IPSec VPN connection. 

PPTP 

Click it to perform PPTP VPN connection. 

Refresh 

Renew current web page. 

VPN 

Display the name of VPN profile. 
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Type 

Display the connection type (PPTP or IPSec) for such VPN 
profile. 

Remote IP 

Display the remote IP configure by VPN profile. 

Virtual Network 

Display the virtual network established by such VPN profile. 

Up Time 

Display the connection time of this VPN tunnel. 

RX (Packets) 

Display the total received packets through this VPN. 

TX (Packets) 

Display the total transmitted packets through this VPN. 

Disconnect 

Terminate the VPN connection. 


4.9 Certificate Management 

A digital certificate works as an electronic ID, which is issued by a certification authority 
(CA). It contains information such as your name, a serial number, expiration dates etc., and 
the digital signature of the certificate-issuing authority so that a recipient can verify that the 
certificate is real. Here Vigor router support digital certificates conforming to standard 
X.509. 

Any entity wants to utilize digital certificates should first request a certificate issued by a CA 
server. It should also retrieve certificates of other trusted CA servers so it can authenticate 
the peer with certificates issued by those trusted CA servers. 

Here you can generate and manage the local digital certificates, and set trusted CA 
certificates. Remember to adjust the time of Vigor router before using the certificate so that 
you can get the correct valid period of certificate. 

Below shows the menu items for Certificate Management. 


Certificate Management 


Local Certificate 
Trusted CA Certificate 


Local certificate is created by the end user and must be signed by a trusted CA center. 
Vigor2960 can serve as a trusted CA and is called with “Root CA”. Therefore, any user can 
ask for certificate signed by Vigor2960. 

When Vigor2960 serves as a Root CA, it can sign the certificates coming from the users. 
First, building a Root CA for Vigor2960 by clicking Trusted CA Certificate. Later, 
certificate coming from other users can be uploaded to Root CA (Vigor2960) and be signed 
by Vigor2960. 
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4.9.1 Local Certificate 


This page allows users to generate certificate based on different work requests. Local 
certificate can be signed by itself or signed by a root CA (e.g., root CA on Vigor2960). 



Each item will be explained as follows: 


Item 

Description 

Upload 

Allow you to upload current configuration to the host as a 

CA certificate. 

Delete 

Remove the selected item of Trusted CA listed below. 

Download 

Allow you to download an existing CA certificate to the 
router. 

Generate 

Open another web page for generating the local certificate. 

Selected File 

Use the Browse., button to specify a file to be used as trusted 
CA certificate. 

Name 

Display the name of trusted CA built. 

Subject 

Display the subject of the trusted CA built. 

Issuer 

Display the issuer of the trusted CA built. 

Status 

Display the status of the trusted CA built. 

Valid From 

Display the starting point of the valid time of trusted CA. 

Valid To 

Display the end point of the valid time of trusted CA. 
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How to build a local certificate 

1. Open Certificate Management» Local Certificate. 

2. Simply click the Generate button. 


Certificate Management» Local Certificate 


Local Certificate 


Upload ]ft| Delete Download 0 Gen 


Select File 




H.hiia 




IsRiier 


3. The following dialog will appear. 



Available parameters are listed as follows: 


Item 

Description 

Certificate Name 

Type the name of the local certificate. 

ID Type 

The ID type for such certificate. There are four types: 

Domain Name: Certificated by domain name. 

IP: Certificated by IP address. 
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Email: Certificated by email address. 

None: Do not enter an ID value. 



None 

V 




None 

Domain_Name 

IP 

Email 

0 



l 1 i d v i et\ 



ID Value 

The ID value is determined by the ID Type selected for such 
certificate. 


For example, if you choose Domain_Name as the ID Type, 
please type the domain name in this field. 

Organization Unit 

Type a description for the organization unit. 

Organization 

Type the name of the organization. 

Locality (City) 

Type the name of the city for such certificate. 

State/Province 

Type the name of the state /province for such certificate. 

Common Name 

Type the common name for such certificate. 

Email Address 

Type the e-mail address for such certificate. 

Key Size 

Choose one of the key sizes for such certificate. 

Country 

Type the name of the country that such certificate located. 

Passphase 

Such string will be used for confirmation while signing 
remote CA. It is similar to a password but generally it is 
longer for security. 

Apply 

Click it to create a new local certificate based on the 
configuration here. 

Cancel 

Click it to exit the web page without saving the 
configuration. 


4. Enter all the settings and click Apply. 

5. A new generated Local Certificate has been created. 


Local Certificate 

Upload HQ Delete ^ Download ^ Generate 


Select File : 


Brow be .. 



Name 

Subject 

Issuer 

Status 

V 

Local_CA 

DT_Lioense 


Requesting 



DrayTek 


214 


Vigor2960 Series User’s Guide 





























How to download a local certificate into specified location 

Vigor router allows you to generate a certificate request and submit it the CA server. After 
generating a local certificate, you can download it as a file into any place you want. 

If you have already gotten a certificate from a third party, you may import it directly. The 
supported types are PKCS12 Certificate and Certificate with a private key. 

1. Open Certificate Management» Local Certificate. 

2. Click the Download button. 



3. Click Save. The file will be stored under the folder you specified above. 

How to upload a local certificate 

1. Open Certificate Management» Local Certificate. 

2. Click the Browse., button to import a CA file stored on the computer as the 
certification information. 



3. Click Open for the selected CA file. 

4. Click Upload. The system will start to upload the selected file. 
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4.9.2 Trusted CA Certificate 


This page allows you to build a RootCA certificate for Vigor2960. 

RootCA can be deleted but not edited. If you want to modify the settings for a RootCA, 
please delete the one and create another one by clicking Build RootCA. 



Each item will be explained as follows: 


Item 

Description 

Upload 

Allow you to upload current configuration to the host as a 

CA certificate. 

Delete 

Remove the selected item of trusted CA listed below. 

Selected File 

Use the Browse., button to specify a file to be used as trusted 
CA certificate. 

Name 

Display the name of trusted certificate built. 

Subject 

Display the subject of trusted certificate built. 

Issuer 

Display the issuer of trusted certificate built. 

Status 

Display the status of trusted certificate built. 

Valid From 

Display the starting point of the valid time of trusted 
certificate. 

Valid To 

Display the end point of the valid time of trusted certificate. 
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4.10 SSL VPN 


An SSL VPN (Secure Sockets Layer virtual private network) is a form of VPN that can be 
used with a standard Web browser. 

There are two benefits that SSL VPN provides: 

> It is not necessary for users to preinstall VPN client software for executing SSL VPN 
connection. 

> There are less restrictions for the data encrypted through SSL VPN in comparing with 
traditional VPN. 



4.10.1 SSL Web Proxy 

SSL Web Proxy will allow the remote users to access the internal web sites over 
SSL. 



Each item will be explained as follows: 


Item 

Description 

Add 

Add a new profile. 

Edit 

Modify the selected profile. 


To edit a profile, simply select the one you want to modify 
and click the Edit button. The edit window will appear for 
you to modify the corresponding settings for the selected 
profile. 
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Delete 

Remove the selected profile. 

To delete a profile, simply select the one you want to delete 
and click the Delete button. 

Refresh 

Renew current web page. 

Profile 

Display the name of the profile that you create. 

URL 

Display the URL. 

Host IP Address 

Display the IP address for the Host. 


How to create a new SSL Web Proxy 


1 . Open SSL VPN» SSL Web Proxy. 

2. Simply click the Add button. 

SSL VPN » SSL Web Proxy 


SSL Web Proxy 


Add 


A Edit 


Profile 


(Iff Delete C 1 Refresh 

URL 


3. The following dialog will appear. 


SSL Web Proxy 



Profile : 

SSL_WP_1 


URL: 

www.draytek.com 


Host IP Address : 

172 16 3 

1 09 

M Apply Q Cancel 


Available parameters are listed as follows: 


Item 

Description 

Profile 

Type name of the profile. 

URL 

Type the address (function variation or IP address) or path of 
the proxy server. 

Host IP Address 

If you type function variation as URL, you have to type 
corresponding IP address in this filed. Such field must match 
with URL setting. 

Apply 

Click it to save the configuration. 

Cancel 

Click it to exit the page without saving the configuration. 
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4. Enter all the settings and click Apply. 

5. A new SSL Web Proxy profile has been created. 

SSL VPN >;> SSL Wei) Proxy 


SSL Web Proxy 


Add >£ Edit 

Jfl| Delete Refresh 


Profile 

URL 

Host IP Addre 

SSL_WP_1 

www.draytek.com 

172.16.3.S9 


4.10.2 SSL Application 

It provides a secure and flexible solution for network resources, including VNC (Virtual 
Network Computer) /RDP (Remote Desktop Protocol) /SAMBA, to any remote user with 
access to Internet and a web browser. 
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VNC 


VNC stands for Virtual Network Computing. It allows you to access and control a remote 
PC through VNC protocol. 


SSL VPN » SSL Application » VNC 



VNC RDP 



Add Edit jffl Delete 0 Refresh Profile Number Limit : 10 


Profile IP Address Port Scaling 

Nd items to show. 





Each item will be explained as follows: 


Item 

Description 

Add 

Add a new profile. 

Edit 

Modify the selected profile. 

To edit a profile, simply select the one you want to modify 
and click the Edit button. The edit window will appear for 
you to modify the corresponding settings for the selected 
profile. 

Delete 

Remove the selected profile. 

To delete a profile, simply select the one you want to delete 
and click the Delete button. 

Refresh 

Renew current web page. 

Profile 

Display the name of the profile that you create. 

IP Address 

Display the IP address for this protocol. 

Port 

Display the port used for this protocol. 

Scaling 

Display the percentage for such application. 


How to create a new SSL Application with VNC protocol 

1. Open SSL VPN» SSL Application and click the VNC tab. 
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2. Simply click the Add button. 


SSL VPN >:> SSL Application :>;> VNC 


VNC 


RDP 


O Add x Edit |[]| Delete O Refi 


Profile 


IP Address 


No ite 


3. The following dialog will appear. 

a® 

Profile : 


IP Address : 


Pen : 

Scaling: 

H Apply Cancel 


VNC_1 


192 16S 1 


36| | 




5900 


100% 

V 



Available parameters are listed as follows: 


Item 

Description 

Profile 

Type the name of the profile that you create. 

IP Address 

Type the IP address for this protocol. 

Port 

Specify the port used for this protocol. The default setting is 
5900. 

Scaling 

Chose the percentage (100%, 80%, 60%) for such 
application. 

Apply 

Click it to save the configuration. 

Cancel 

Click it to exit the page without saving the configuration. 


4. Enter all the settings and click Apply. 
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5. A new SSL Application profile has been created. 

SSL VPN » SSL Application ?> VNC 

VNC RDP 

Add >£ Edit m Delete & Refresh 

Profile IP Address Poit Scaling 

VNC_1 192.168.1.36 5900 100% 


RDP 

RDP stands for Remote Desktop Protocol. It allows you to access and control a remote PC 
through RDP protocol. 


SSL VPN » SSL Application » RDP 



Each item will be explained as follows: 


Item 

Description 

Add 

Add a new profile. 

Edit 

Modify the selected profile. 


To edit a profile, simply select the one you want to modify 
and click the Edit button. The edit window will appear for 
you to modify the corresponding settings for the selected 
profile. 

Delete 

Remove the selected profile. 


To delete a profile, simply select the one you want to delete 
and click the Delete button. 
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Refresh 

Renew current web page. 

Profile 

Display the name of the profile that you create. 

IP Address 

Display the IP address for this protocol. 

Port 

Display the port used for this protocol. 

Screen Size 

Display the screen size for such application. 


How to create a new SSL Application with RDP protocol 

1. Open SSL VPN» SSL Application and click the RDP tab. 

2. Simply click the Add button. 


SSL VPN >> SSL Application » RDP 


VNC 


1^ Add 


RDP 

A Edit 


Profile 


Delete i** Refresh 

P 


IP Address 


No items 


3. The following dialog will appear. 





Available parameters are listed as follows: 


Item 

Description 

Profile 

Type the name of the profile that you create. 

IP Address 

Type the IP address for this protocol. 

Port 

Specify the port used for this protocol. 

Screen Size 

Chose the screen size for such application. 

Apply 

Click it to save the configuration. 

Cancel 

Click it to exit the page without saving the configuration. 


4. Enter all the settings and click Apply. 
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5. A new SSL Application profile has been created. 

SSL VPN » SSL Application » RDP 


VNC RDP 


O Add 

Edit jfn Delete i/' Refresh 


Profile 

IP Address 

Poll 

RDP_1 

192.16S.1.57 

3389 


4.10.3 Online User Status 

If you have finished the configuration of SSL Web Proxy (server), users can find out 
corresponding settings when they access into Draytek SSL VPN portal interface. 



Each item will be explained as follows: 


Item 

Description 

Refresh 

Renew current web page. 

Auto Refresh 

Specify the interval of refresh time to obtain the latest status. 
The information will update immediately when the Refresh 
button is clicked. 

User Name 

Display current user who visit SSL VPN server. 

Remote IP 

Display the IP address for the host. 

Time out 

Display the time remaining for logging out. 
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4.11 Bandwidth Management 

Below shows the menu items for Bandwidth Management. 


Bandwidth Management 


Incoming Class 
Incoming Filter 
Outgoing Class 
Outgoing Filter 
Sessions Limit 


Bandwidth Limit 


The QoS (Quality of Service) guaranteed technology in the Vigor router allows the network 
administrator to monitor, analyze, and allocate bandwidth for various types of network 
traffic in real-time and/or for business-critical traffic. Thus, timing-sensitive applications will 
not be impacted by web surfing traffic or other non-critical applications, such as file transfer. 
Without QoS-guaranteed control, there would be virtually no way to prioritize users/services 
or guarantee allocation of finite bandwidth resources to network or servers for supporting 
timing-sensitive and mission-critical network applications, such as VoIP (Voice over IP) and 
online gaming applications. 

Differentiated quality of service is therefore one of the most important issues over the 
Internet infrastructure. In Vigor router, DSCP (Differentiated Service Code Point) support is 
also taken into consideration in the design of the QoS-guaranteed control module. 

The QoS function handles incoming and outgoing classes independently. Users can 
configure incoming or outgoing separately without any impact on the other. 

4.11.1 Incoming Class 

Incoming Class Setup allows you to configure bandwidth percentage for data and voice 
signals transmission. Click the Bandwidth Management option and choose Incoming 
Class. 
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Total Rate Control 

This page can set the total rate of incoming data for the QoS policer. 


Bandwidth Management»Incoming Class » Total Rate Control 


Total Rate C ontrol C1 a s s R ate C o ntro 1 



Mode : Q Enable 0 Disable 

Rate: 0 0 Kbps Q Mbps 


H Apply Q Cancel 



Available parameters are listed as follows: 


Item 

Description 

Mode 

Click Enable to enable such function. 

Rate 

Type the number as the total transmission rate for the 


incoming data. 

Apply 

Click it to save the configuration. 

Cancel 

Click it to discard the settings configured in this page. 
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Class Rate Control 

This page allows you to edit the incoming class rate for the QoS policer. 


Bandwidth Management** Incoming Class **Class Rate Control 



Each item will be explained as follows: 


Item 

Description 

Edit 

Modify the selected policy. 

To edit a profile, simply select the one you want to modify 
and click the Edit button. The edit window will appear for 
you to modify the corresponding settings for the selected 
policy. 

Refresh 

Renew current web page. 

QoS Policer 

Display the name of the QoS Policer. 

Mode 

Display the status of QoS Policer. 

Rate 

Display the rate of QoS Policer. 
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How to edit the incoming class rate for the QoS policer 

1. Open Bandwidth Management» Incoming Class and click the Class Rate Control 

tab. 

2. Choose one of the incoming class rates and click the Edit button. 

Bandwidth Management»Incoming Class » Class Rate Control 

Tota I R ate C o ntro I C lass Rate C ontr ol 

X Edit 1+1 Refresh 

QoS Policer Mode 

incoming_classO Disable 

incoming_class 1 Disable 

3. The following dialog will appear. 



Available parameters are listed as follows: 


Item 

Description 

QoS Policer 

Display the name of the incoming class profile. 

Mode 

Click Enable to invoke such incoming class profile. 

Rate 

Type the number of rate for such profile. 

Apply 

Click it to save the configuration and exit the page. 

Cancel 

Click it to exit the dialog without saving the configuration. 


4. Enter all the settings and click Apply. 
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5. 


The QoS Policer profile has been modified. 

Bond width Management»Incominy Gloss >> Gloss Rote Goiiti ol 


Tota I R ate C o ntro I Gloss Rote Control 


Edit Refresh 

OoS Policer 

Mode 

Rote 

incoming_classO 

Disable 

0 

incoming_class1 

Enable 

15 


4.11.2 Incoming Filter 

There are 30 filter rules for incoming data that can be configured in such page. 



Each item will be explained as follows: 


Item 

Description 

Edit 

Modify the selected policy. 

To edit a profile, simply select the one you want to modify 
and click the Edit button. The edit window will appear for 
you to modify the corresponding settings for the selected 
policy. 

Refresh 

Renew current web page. 

Filter Rule 

Display the name of the filter rule. 

Policer 

Display the name of filter Policer. 

Drop 

Display the status for the packet to be discarded or not. 

Reserved 

Display the status for the packet to be kept in the buffer or 
not. 
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How to edit the incoming filter for the QoS poiicer 

1. Open Bandwidth Management» Incoming Filter. 

2. Choose one of the filter rules and click the Edit button. 

Bandwidth Management» Filter Rule 

Filter Rule 

Refresh 

Poiicer Drop 

n o_rate_c o ntro I Disable 

no_rate_control Disable 

no_rate_control Disable 

no_rate_control Disable 

3. The following dialog will appear. 


A Edit 

Filter Rule 

filter_rule_0 
filter_rule_1 
filter_rule_2 
filter rule 3 
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Available parameters are listed as follows: 


Item 

Description 


Filter Rule 

Display the profile name of the filter rule. 

Policer 

Choose the QoS Policer profile to apply to such filter rule. 

no_rate_control 1 v 

no_rate_control 
incoming_classO 
incoming_class1 

Drop 

Choose Enable to discard the packets which satisfy the 
condition of the filter rule. 

Reserved 

Choose Enable to keep the packets which satisfy the 
condition of the filter rule, even the system is busy. 

When both Drop and Reserved are set to Enable, the 
priority of Drop is higher than Reserved. 

IP Protocol 

Choose a protocol for such 

None 

None 

ICMP 

ICMP 

TCP 

UDP 

filter rule. 

Source IP Address 

Type the source IP address for such incoming filter rule. 

Source IP Address 
Mask 

Type the mask address for the source IP address. 

Source Port Enable 

Choose Enable to restrict the source port value. 

Source Port Start 

Type the starting port number (0 - 65535) in the range of the 
source port. 

Source Port End 

Type the ending port number (0 - 65535) in the range of the 
source port. 

Destination IP 
Address 

Type the destination IP address for such incoming filter rule. 

Destination IP 
Address Mask 

Type the mask address for the destination IP address. 

Destination port 
Enable 

Choose Enable to restrict the destination port value. 

Destination Port 

Start 

Type the starting port number (0 - 65535) in the range of the 
destination port. 

Destination Port 

End 

Type the ending port number (0 - 65535) in the range of the 
destination port. 

Apply 

Click it to save the configuration and exit the page. 
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Cancel 


Click it to exit the dialog without saving the configuration. 


4. Enter all the settings and click Apply. 

5. The incoming filter rule for QoS Policer has been modified. 

Bandwidth Mouoyemeht» Filter Rule 


Filter Rule 


Edit 

<+> Refresh 




Filter Rule 

Policer 


Drop 

Reseived 

fjlter_rule_0 

no_rate_ 

.control 

Disable 

Disable 

filter_rule_1 

no_rate_ 

.control 

Enable 

Disable 

filter_rule_2 

no_rate_ 

.control 

Disable 

Disable 


4.11.3 Outgoing Class 

Outgoing Class Setup allows you to configure bandwidth percentage for data and voice 
signals transmission. Click the Bandwidth Management option and choose Incoming 
Class. 
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Total Rate Control 

This page can set the total rate of outgoing data for the QoS policer. 



Available parameters are listed as follows: 


Item 

Description 

Status 

Click Enable to enable such function. 

Rate 

Type the rate for outgoing data. The range can be set from 


64000 to 10000000. 

Apply 

Click it to save the configuration and exit the page. 

Cancel 

Click it to discard the settings configured in this page. 
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Class Rate Control 

This page allows you to edit the outgoing class rate for different QoS policer. 


Bandwidth Management» Outgoing Class » Class Rate Control 



Each item will be explained as follows: 


Item 

Description 

Edit 

Modify the selected policy. 

To edit a profile, simply select the one you want to modify 
and click the Edit button. The edit window will appear for 
you to modify the corresponding settings for the selected 
policy. 

Refresh 

Renew current web page. 

Profile 

Display the name of the outgoing class rate profile. 

Status 

Display the status (enable or disable) of such profile. 

Rate 

Display the limitation (from 64000 to 10000000) for the rate 
of queue. 

Description 

Display the description for such profile. 
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How to edit the outgoing class rate for the QoS policer 

1. Open Bandwidth Management» Outgoing Class and click the Class Rate Control 

tab. 


2 . 


3. 


Choose one of the profiles and click the Edit button. 


Tota I R ate C o ntro I Class Rate Control Q u e u e 1 - 5 We i g ht 



Edit 

O' Refresh 

Profile 


Status 

Rate 

outgoing_classO 

Disable 

0 

outgoing_class1 

Disable 

0 

outgoing_class2 

Disable 

0 


The following dialog will appear. 



Available parameters are listed as follows: 


Item 

Description 

Profile 

Display the name of the QoS Shaper profile. 

Status 

Click Enable to enable such function. 

Rate 

Type the limitation for the rate of queue. Click the unit for 
such rate. 

Description 

Such information is offered by the system automatically. It is 
not necessary to change it. 

Apply 

Click it to save the configuration and exit the page. 

Cancel 

Click it to exit the page without saving the configuration. 


4. Enter all the settings and click Apply. 
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5. The outgoing class rate for QoS Policer has been modified. 


Total Rate Control Class Rate Control Queue 1-5 Weight 


Edit if* Refresh 


Profile 

Status 

Rate 

Description 

outgoing_classO 

Disable 

0 

Control queue 7(hightest) 

outgoing_class1 

Enable 

65 

Control queue 6(higher) 

outaoina c!ass2 

Disable 

0 

Control queue l-5dow1 


Outgoing Queue 1- 5 Weight 


There are several available outgoing queues, four shapers at varying levels, and five data 
queues with weights. All queues in the data group to be initialized with weights of zero, 
resulting in a strict service to completion (STC) mechanism across all queues.0. 


Banclwklth Management >> Outgoing Class » Queue 1-5 Weight 


Total Rate Control Class Rate Control Queue 1-5 Weight 


Edit Refresh 


OoS Queue 

low_queue_5 

low_queue_4 

low_queue_3 

low_queue_2 

low_queue_1 


Weight 

0 

0 

0 

0 

0 


\j 1_ m _1 M 

Each item will be explained as follows: 

Item 

Description 

Edit 

Modify the selected policy. 

To edit a profile, simply select the one you want to modify 
and click the Edit button. The edit window will appear for 
you to modify the corresponding settings for the selected 
policy. 

Refresh 

Renew current web page. 

QoS Queue 

Display the name of the QoS queue. 
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Weight 


Display the weight of the QoS queue. 


How to edit the outgoing queue 1- 5 weight for the QoS policer 

The bandwidth of the whole network traffic is dispatched according to the weight setting 
configured in Queue 1-5 Weight. For example, the weight value for queue 1 is set to 5, for 
queue 2 is 4, for queue 3 is 3, for queue 4 is 2 and for queue 5 is 1. Then session of queue 1 
will have the largest bandwidth for it occupies largest weight (5/(5+4+3+2+l)). 

1. Open Bandwidth Management» Outgoing Class and click the Queue 1-5 Weight 

tab. 

2. Choose one of the profiles and click the Edit button. 


Total R ate C onlro 1 Clas s Rate Co ntrol 

Queue 1-5 Wetylif 



Edit Refresh 

QoS Queue 

Weiylit 


low_queue_5 

0 



low_queue_4 0 

!cw_queue_3 0 


3. The following dialog will appear. 



Available parameters are listed as follows: 


Item 

Description 

QoS Queue 

Display the name of the QoS queue. 

Weight 

Type the weight of queues in bytes, range from 0 to 

1000000. 

Apply 

Click it to save the configuration and exit the page. 

Cancel 

Click it to exit the page without saving the configuration. 


4. Enter all the settings and click Apply. 

5. The outgoing queue 1-5 weight for QoS Policer has been modified. 
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Total Rate Control Class Rate Control Queue 1-5 Wehjlit 


X' Edit v* 1 Refresh 

GoS Queue 

Weiylit 

low_queue_5 

25 

low_queue_4 

0 


4.11.4 Outgoing Filter 

There are 30 filter rules for outgoing data that can be configured in such page. 



Each item will be explained as follows: 


Item 

Description 

Add 

Add a new filter profile. 

Edit 

Modify the selected profile. 

To edit a profile, simply select the one you want to modify 
and click the Edit button. The edit window will appear for 
you to modify the corresponding settings for the selected 
profile. 

Delete 

Remove the selected profile. 

To delete a profile, simply select the one you want to delete 
and click the Delete button. 

Refresh 

Renew current web page. 

Rename 

Allow to modify the selected profile name. 

Profile 

Display the name of the profile for the filter. 

Enable This Profile 

Display the status of the profile. False means disabled; True 
means enabled. 
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Source IP 

Display the source IP address for the filter. 

Destination IP 

Display the destination IP address for the filter. 

Service Type 

Display the protocol used for such filter. 

Queue Number 

Display the queue number that such filter is categorized. 


How to add an outgoing filter for the QoS policer 


1. Open Bandwidth Management» Outgoing Filter. 

2. Simply click the Add button. 

Bandwidth Management» Outgoing Filter 


Outgoing Filter 


O Add 

Profile 


A Edit nil Delete O Refresh Rena 

Enable This Profi Source IP Destination I 

No items to show. 


3. The following dialog will appear. 



Available parameters are listed as follows: 


Item 

Description 

Profile 

Type the name of the filter profile. 

Enable This Profile 

Check this box to enable such profile. 

Source IP 

Type the source IP address with subnet mask value to be 
applied for this filter. 

Destination IP 

Type the destination IP address with subnet mask value to be 
applied for this filter. 
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Service Type 


Choose one of the service types from the drop down list. If 


you want to create a new service type, simply click to 
open the following dialog. 



Profile - type a new name for such service type. 

Protocol -There are two options: TCP, UDP and 
TCP/UDP. Select the protocol that you want to use. 

Source Port Start /End - Type the start /end number for the 
port range of the source port for such filter. 


Queue Number 


Destination Port Start / End - Type the start /end number 
for the port range of the destination port for such filter. 

Choose a queue number to category the packets matching 
with the condition configured as above. Queue 7 is the 
highest; 0 is the lowest. 



Apply 


Click it to save the configuration and exit the page. 


Cancel 


Click it to exit the page without saving the configuration. 


4. Enter all the settings and click Apply. 

5. The outgoing filter for QoS Policer has been created. 


Bandwidth Management» Outgoing Filter 


Outgoing Filter 








5ji Add 

>£ Edit JD Deists 0 Refresh 

l+J Rename 



Profile 

Enable This Profile 

Source IP 

Destination IP 

Sen/ ice Type 

Q,li 

but filt 1 


true 

IP_object_1 

CRM_Server 

Any 

0 
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4.11.5 Sessions Limit 

A PC with private IP address can access to the Internet via NAT router. The router will 
generate the records of NAT sessions for such connection. The P2P (Peer to Peer) 
applications (e.g., BitTorrent) always need many sessions for procession and also they will 
occupy over resources which might result in important accesses impacted. To solve the 
problem, you can use limit session to limit the session procession for specified Hosts. 

In the Bandwidth Management menu, click Sessions Limit to open the web page. 



Each item will be explained as follows: 


Item 

Description 

Add 

Add a new profile. 

Edit 

Modify the selected profile. 

To edit a profile, simply select the one you want to modify 
and click the Edit button. The edit window will appear for 
you to modify the corresponding settings for the selected 
profile. 

Delete 

Remove the selected profile. 

To delete a profile, simply select the one you want to delete 
and click the Delete button. 

Refresh 

Renew current web page. 

Rename 

Allow to modify the selected profile name. 

Profile 

Display the name of the profile. 

Enable This Profile 

Display the status of the profile. False means disabled; True 
means enabled. 

Source IP 

Display the IP address with subnet mask of the profile. 

Max Sessions 

Display the maximum sessions used by the profile. 

Connection Limit 

Display the message to inform the user when the permitted 
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Administration Message 

session limit is reached. 

Apply 

Click it to save the configuration. 

Cancel 

Click it to discard the settings configured in this page. 


How to add a session limit profile for the QoS policer 


1. Open Bandwidth Management» Sessions Limit. 

2. Simply click the Add button. 

Bandwidth Management» Sessions Limit 


Sessions Limit 


Add 

Profile 


si£ Edit jjQ Delete Refresh 

Enable This Profile Soi 

No items to 


3. The following dialog will appear. 



Available parameters are listed as follows: 


Item 

Description 

Profile 

Type the name of the profile. 

Enable This Profile 

Check this box to enable such profile. 

Source IP 

Type the source IP address with subnet mask for limit 
session. 

Max Sessions 

Defines the available session number for each host in the 
specific range of IP addresses. If you do not set the session 
number in this field, the system will use the default session 
limit for the specific limitation you set for each index. This 
field cannot be typed with “0”, otherwise the profile cannot 
be saved. 

Apply 

Click it to save the configuration and exit the dialog. 
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Cancel 


Click it to exit the dialog without saving the configuration. 

4. Enter all the settings and click Apply. 

5. A session limit profile has been created. 


Bandwidth Management >;> Sessions Limit 


Sessions Limit 


Add Edit 

Hll Delete v* 1 Refresh Rename 


Profile 

Enable This Profile Source IP 

Max Sessions 

Session_1 

true 192.168.1.35/1 

500 


4.11.6 Bandwidth Limit 

The downstream or upstream from FTP, HTTP or some P2P applications will occupy large 
of bandwidth and affect the applications for other programs. Please use Limit Bandwidth to 
make the bandwidth usage more efficient. 

In the Bandwidth Management menu, click Bandwidth Limit to open the web page. 



Each item will be explained as follows: 


Item 

Description 

Add 

Add a new profile. 

Edit 

Modify the selected profile. 

To edit a profile, simply select the one you want to modify 
and click the Edit button. The edit window will appear for 
you to modify the corresponding settings for the selected 
profile. 

Delete 

Remove the selected profile. 

To delete a profile, simply select the one you want to delete 
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and click the Delete button. 

Refresh 

Renew current web page. 

Rename 

Allow to modify the selected profile name. 

Profile 

Display the name of the bandwidth limitation profile. 

Enable This Profile 

Display the status of such profile. 

Start IP 

Display the start IP address for the profile. 

End IP 

Display the end IP address for the profile. 

TX Limit 

Display the limitation for the speed of the upstream for the 
profile. 

RX Limit 

Display the limitation for the speed of the downstream for 
the profile. 

Enable Smart 

Bandwidth Limit 

Check the box to enable smart bandwidth limit function. It 
will apply to the IP addresses that are not included in the 
limitation list defined in the Bandwidth Limit profile. 

Session Threshold 

If the session number for data transmission is over the 
threshold number configured here, the system will start to 
limit the TX(transmitting) and RX(receiving) rate. 

TX Limit 

Type a number as transmitting rate or keep the default 
setting. 

RX Limit 

Type a number as receiving rate or keep the default setting. 

Apply 

Click it to save the configuration. 

Cancel 

Click it to discard the settings configured in this page. 


How to add a bandwidth limit profile for the QoS policer 

1. Open Bandwidth Management»Bandwidth Limit. 

2. Simply click the Add button. 

Bandwidth Management» Bandwidth Limit 
Bandwklth Limit 

X' Edit jjfj Delete V s Refresh 

Profile Stan IP End IP 

No iterr 

3. The following dialog will appear. 


Add 
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Bandwidth Limit 


x 


Profile- : 
j\ Enable 

Start IP : 

End IP : 

TX Limit : 

RX Limit : 

H Apply £ Cancel 


Band_limit_1 

This Profile 

192 

192 

1 024 @KI>|)S O mi> I )S 

1 024 @KI>|)S O mi> I )S 


16S 


1 


77 




. 


168 

1 

32 


Available parameters are listed as follows: 


Item 

Description 

Profile 

Type the name of the profile. 

Start IP 

Define the start IP address for limit bandwidth. 

End IP 

Define the end IP address for limit bandwidth. 

TX Limit 

Define the limitation for the speed of the upstream. If you do 
not set the limit in this field, the system will use the default 
speed for the specific limitation you set for each index. Do 
not type the value with “0”, otherwise the profile cannot be 
saved. 

RX Limit 

Define the limitation for the speed of the downstream. If you 
do not set the limit in this field, the system will use the 
default speed for the specific limitation you set for each 
index. Do not type the value with “0”, otherwise the profile 
cannot be saved. 

Apply 

Click it to save the configuration and exit the dialog. 

Cancel 

Click it to exit the dialog without saving the configuration. 


4. Enter all the settings and click Apply. 

5. A bandwidth limit profile has been created. 

Bandwidth Management » Bandwidth Limit 


Bandwidth Limit 


Ad d 

X Edit un Delete 0 Refresh 

Rename 


Pr 

Profile 

Enable This Profile Start IP 

End IP 

TX Limit 

RX Limit 

B a n d_limit_1 

true 192.1 6fl. 1.77 

192.16A.1.S2 

1024 

1024 
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4.12 System Maintenance 

For the system setup, there are several items that you have to know the way of configuration: 
Status, Administrator Password, Configuration Backup, Syslog/Mail Alert, Time and Date, 
Access Control, SNMP Setup, Reboot System, Firmware Upgrade and Upload Language 
File. 

Below shows the menu items for System Maintenance. 



4.12.1 TR-069 


This device supports TR-069 standard. It is very convenient for an administrator to manage a 
TR-069 device through an Auto Configuration Server, e.g., VigorACS. 



Each item will be explained as follows: 


Item 

Description 

Enable This Profile 

Check this box to enable such profile. 

ACS Server 
URL/Username 

Such data must be typed according to the ACS (Auto 
Configuration Server) you want to link. Please refer to Auto 
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/Password 

Configuration Server user’s manual for detailed information. 

WAN Profile 

Choose one of the WAN profiles which will be recognized 
by VigorACS. 

Port 

Type the port number for Vigor2960 which will be 
recognized by VigorACS. 

CPE URL 

Display the URL of such CPE. 

Periodic Status 

The default setting is Enable. Please set periodic time for 
VigorACS to send notification to CPE. Or click Disable to 
close the mechanism of notification. 

Periodic Time 

Set the time for VigorACS to send notification to CPE. 

CPE Username 

Type the user name for the CPE which will be used by the 
administrator of VigorACS to log into the WUI of 

Vigor2960. 

CPE Password 

Type the password for the CPE which will be used by the 
administrator of VigorACS to log into the WUI of 

Vigor2960. 

Apply 

Click it to save the configuration. 

Cancel 

Click it to discard the settings configured in this page. 


4.12.2 Administrator Password 

This page allows you to set new password for accessing into the WUI of the router. 



Each item will be explained as follows: 


Item 

Description 

Original Password 

Type the old password. 

New Password 

Type the new password. 

Confirm Password 

Re-type the new password for confirmation. 
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Apply 


Click this button to save the configuration and exit the web 
page. 


4.12.3 Configuration Backup 

Most of the settings can be saved locally as a configuration file, and can be applied to 
another router. The router supports functions of restore and backup for the configuration 
file. 

Backup 



Each item will be explained as follows: 


Item 

Description 

Encrypt Config 

Check this box to encrypt the configuration file. 

Password - Type a password for encrypting the file. 

Confirm Password - Retype the password for confirmation. 

Backup Type 

Choose one of the types to determine where the file will be 
stored. 

Backup to Local File - The configuration file will be stored 
in local host. 

Backup to Remote TFTP Server - The configuration file 
will be stored in the remote TFTP server specified. 

Backup Selected Config - The configuration file will be 
stored with an existing file in local host. You must select 
which file you want to store. 

Config File Name 

The default configuration file name (file format shall be .tgz) 
will be shown here. You can change the name if required. 

Backup 

Execute the file downloading job to the computer. 
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Restore 



Each item will be explained as follows: 


Item Description 

Decrypt Config Check this box to decrypt an encrypted configuration file. 

You can specify a password for decrypting the file for 
restoring it for use next time. 

Password - Type a password for encrypting the file. 


Restore Type 


Confirm Password - Retype the password for confirmation. 

Choose one of the types to determine where the file will be 
downloaded from. 


Restore Settings via Local Config File - Click it to restore 
the configuration settings through a configuration file stored 
locally. 

Restore Settings via TFTP Server - Click it to restore the 
configuration settings through TFTP server. 

Select File Use the Browse., button to locate the file for uploading to 

the router. 

Restore Click it to upload the selected file to the router. After 

finishing the restoration, the system will ask you to reboot 
the router. 


Confirm 


& Restore success, reboot now? 

OK Cancel 
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4.12.4 Syslog / Mail Alert 

SysLog function is provided for users to monitor router. There is no bother to directly get 
into the Web Configurator of the router or borrow debug equipments. 



Syslog Access Setup 

To configure settings for Syslog, open System Maintenance»Syslog/Mail Alert and click 
the Syslog Access Setup tab. 


System Maintenance » Sysloy / Mail Aleit» Syslog Access Setup 
J Syslog Access Setup || Syslog File || Mail Alert | 


Status : 

Local 

FI 

Server IP: 

127 0 

0 1 

Server Poll: 

514 


Router Name : 

Vigor 

(Optional) 

Firewall Log : 

0 Enable 

0 Disable 

VPN Log : 

0 Enable 

0 Disable 

User Access Log: 

0 Enable 

0 Disable 

WAN Log 

0 Enable 

Q Disable 

Others Log : 

(*) Enable 

0 Disable 



M Apply Q Cancel 




Available parameters are listed as follows: 
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Item 

Description 

Status 

oo“0 

loose one of the selectior 
slog access. If you choos 
type any server IP and p< 
.iter. 

Disable 

is to determine current status for 
>e Local as Status, you don’t need 
Drt. Just give a name for the 

Disable 

Remote 

Local 

Both 

viyui 

Server IP 

Type the IP address of the Syslog server. 

Server Port 

Type the port number for the Syslog server. 

Router Name 

Type the name of the router. The default name is Vigor. 

Firewall Log 

Click Enable to make the firewall log recorded in the 

Syslog. 

VPN Log 

Click Enable to make the VPN log recorded in the Syslog. 

User Access Log 

Click Enable to make the user access log recorded in the 
Syslog. 

WAN Log 

Click Enable to make the WAN log recorded in the Syslog. 

Others Log 

Click Enable to make other logs recorded in the Syslog. 

Apply 

Click this button to save the configuration and exit the web 
page. 

Cancel 

Click it to discard the settings configured in this page. 
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SysLog File 

This page displays all the operation logs for the router. 


System Ntoiii.Teii.ince » Syslog Moil Alert» Syslog File 
Syslog Access Setup Syslog File Mail Alert 
O Refresh 
Log 

Vigor pptp|2954): anon warn[open_inetsoclcpptp_callmgr.c:340]: connect: No route to host 

«26>Jan 4 06:16:28 Vigor: pppdl2954|: anonfatallcallmgr_m3in:pptp_cailmgrc:135|: Could nol open conlrol connetlmn to 1 
«27*Jan 4 Q6:i $:2B Vigor: pptpp 44B): Call manager exited with error 256 

<29>Jan A 06:16:58 Vigor: pptp(3180|: anon log[callmgr jmain:pp1p_callnngr.c:1 321: IP: 192.168.1.69 
<28>Jan A 06:17:01 Vigor: pptppiSO]: anon wam[openjnetsock:pptp_callmgr c:340]: connect No route lo host 
<26Man a 06:17:01 Vigor. pppd|3i 8DJ: anon fatalttal1mgr„main:ppip_callmgr c:1351: Could nol open conlrol connexion to i 
<27>Jan A 06:17:01 Vigor pptpfl 448|: Call manager exited with error 256 

<29>Jan 4 06:17:31 Vigor: pptp(3403|: anon log[callmgr_main:pp1p_callnngr.c:132|: IP: 192.168.1.69 
*2BMan 4 06:1 7:34 Vigor. pptpp403J: anon warnfopen_lnetsock:pptp_tallmgr.c:340]: connect No route Lo host 
*28>Jan 4 06:17:34 Vigor: pppd|34Q3|: anonfatai[callmgr_maln:pptp_cailmgr e l 35J; could nol open control connection to 1 
<27>Jan 406:17:34 Vigor: pptpfl 448]: Call manager exited with error 256 

<29>Jan 4 06:18:04 Vigor: pptpP650|: anon log[callmgr_main:pptp_callmgr.c:132J: IP: 192.168.1.69 

«28 Man 4 06:18:07 vigor. pptppB5Q|: anon wamtopenJnetsock:pptp_oallmgr,c:34PI: connect. No route lo host 

<25>Jan 4 06:18:07 Vigor: pppd|3658|: anon fatal[callmflL_mail>:pptp_callmgr c:135}: Could nol open control connection to 1 

<27>Jan 4 06:18:07 Vigor: pptpjl 448|: Call manager exited with error 256 

«29*Jan 4 06:18:37 Vigor: pptpP868|: anon log[callmgr_main:ppJp_cailmgr.CLl321. IP: 192.168.1.69 

<2BMan 4 06:18:40 Vigor: pptp[3S6B): anon warn[cpenjneteock:pptp_callmgr,c;340]: connect No route Lo host 

<26>Jan 4 06:18:40 Vigor: pppdf3868J: anon fatalfeallmgr_nriain:pptp_callmgf.c:1351: Could nol open conlrol connection to 1 




Mail Alert 


System Maintenance » Syslog. Moil Alert» Moil Aleit 


Syslog Access Setup 


Syslog File 


Moil Aleit 


□ Enable This Profile 
Mail From: 


Moil To : 


© Add H Save 


Moil To 


No items to show. 


SMTP PoiT: 25 

SMTP Seivei : 

User Login : 0 Enable 0 Disable 


enable or disable state 


a Apply 3 Cancel 


Available parameters are listed as follows: 


Item 


Description 
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Enable This Profile 

Check the box to enable such profile. 

Mail From 

Type a mail address for the mail sender. 

Mail To 

Assign a mail address for the mail receiver. 

SMTP Port 

Type the port number for SMTP server. 

SMTP Server 

Type the IP address for SMTP server. 

User Login 

Click Enable to make any user logging into the mail server. 

User Name 

Type the user name for authentication. 

User Password 

Type the password for authentication. 

Apply 

Click this button to save the configuration and exit the web 
page. 

Cancel 

Click it to discard the settings configured in this page. 
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4.12.5 Time and Date 


This page allows you to specify where the time of the router should be inquired from. 

As an NTP (Network Time Protocol) client, the router gets standard time from the time 
server. Some time-based functions cannot work properly until the system time functions run 
successfully. Typically, NTP achieves high accuracy and reliability with multiple redundant 
servers and diverse network paths. 



Available parameters are listed as follows: 


Item 

Description 

Time Type 

NTP - Select to inquire time information from Time Server 
on the Internet using assigned protocol. 

Browser - Select this option to use the browser time from 
the remote administrator PC host as router’s system time. 

Server 

Type the domain name of the server. 

Port 

Type the port number for the time server. 

Interval 

Select a time interval for updating from the NTP server. 

Time Zone 

Select the time zone where the router is located. 

Daylight Saving 

Click Enable to enable the daylight saving. Such feature is 
available for certain area. 

Apply 

Click this button to save the configuration and exit the web 
page. 

Cancel 

Click it to discard the settings configured in this page. 


DrayTek 


254 


Vigor2960 Series User’s Guide 
























































4.12.6 Access Control 

This page allows you to open or close the web configurator ofVigor2960 by using Telnet, 
SSH, HTTP, HTTPS... and etc... 



Available parameters are listed as follows: 


Item 

Description 

Web Allow 

Click Enable to allow system administrator to login from the 
Internet and management the web page of the router. 

Web Port 

Type the port number for the management through web 
page. 

Telnet Allow 

Click Enable to allow system administrator to login from the 
telnet and management the web page of the router. 

Telnet Port 

Type the port number for the management through telnet 
page. 

SSH Allow 

Click Enable to allow system administrator to login from the 
SSH server and management the web page of the router. 

SSH Port 

Type the port number for the management through SSH 
server. 

HTTPS Allow 

Click Enable to allow system administrator to login from the 
HTTPS server and management the web page of the router. 

HTTPS Port 

Type the port number for the management through HTTPS 
server. 

User Define 

Click Enable to allow system administrator to login from the 
user defined IP address and management the web page of the 
router. If you enable such function, the system can be 
managed by these three IP addresses via WAN. 

Allowed IP1 - Allowed 

IP3 

Type the first IP address for the system administrator to 
login. 
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The former box indicates an IP address allowed to login to the 
router, and the later box indicates a subnet mask allowed to 
login to the router. 

Allow Ping from WAN 

Click Enable to allow system administrator to ping the router 
from WAN interface. 

Allow Ping form LAN 

Click Enable to allow system administrator to ping the router 
from LAN interface. 

Apply 

Click this button to save the configuration and exit the web 
page. 

Cancel 

Click it to discard the settings configured in this page. 


4.12.7 SNMP Setup 

This page allows you to manage the settings for SNMP setup. 



Available parameters are listed as follows: 


Item 

Description 

Enable This Profile 

Check the box to enable such profile. 

Get Community 

Set the name for getting community by typing a proper 
character. The default setting is public. 

Set Community 

Set community by typing a proper name. The default setting 

is private. 

Manager Host IP 

Type the IP address for the manager host. 

Apply 

Click this button to save the configuration and exit the web 
page. 

Cancel 

Click it to discard the settings configured in this page. 
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4.12.8 Reboot System 

The Vigor router system can be restarted from a Web browser. You have to reboot the router 
to invoke the configured settings that you made before. 

If you want to reboot the router using the current configuration, choose Reboot with 
Current Configurations and click Reboot. To reset the router settings to default values, 
click Reboot with Factory Default Configurations and click Reboot. The router will take 
a period of time to reboot the system. 

Open System Maintenance» Reboot System. 



Available parameters are listed as follows: 


Item 


Description 


Reboot with Current Click it to reboot the router using the current 
Configurations configuration. Then, click Reboot.. 


Reboot with Factory Click it to reset the router settings to default values. Then, 

Default Configurations click Reboot. 


Reboot with Customized 
Configurations 


Click it to reboot the router using the current configuration 
(only the configuration settings listed and selected below). If 
you choose this option, Select Config File will be available 
for you to select. 


0 Reboot with Current Configurations 
Reboot Option : 0 Reboot with Factory Default Configurations 

0 Reboot with Customized Configurations 


Select Config File : 

lan_wan_proflle l wanj 

V 


V lan_wan_proflle 

* 


□ load_balance 



0 wan_vlan 
@ lan_vlan 



□ switch_mirror 
static_route 
ipbind_mac 
1—1 nort mdirant 
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After choosing the configuration files, click Reboot. 

Reboot 

Click this button to execute the rebooting job. 


4.12.9 Firmware Upgrade 

The following web page will guide you to upgrade firmware by using such page. 

Download the newest firmware from DrayTek's web site or FTP site. The DrayTek web site 
is www.DrayTek.com (or local DrayTek's web site) and FTP site is ftp.DrayTek.com. 

Click System Maintenance» Firmware Upgrade. 



Available parameters are listed as follows: 


Item 

Description 

Current Firmware 
Version 

Display current version of the firmware. 

Select File 

Use the Browse., button to locate and select the new 
firmware. 

Upgrade 

Click it to perform the firmware upgrade. 
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4.13 Diagnostics 

In some cases, a user may need to know some information about the router, such as static or 
dynamic databases, or other routing information. The Vigor2960 supports five functions, 

Routing Table, ARP Cache Table, DHCP Assignment Table, NAT Sessions Table and 
Traffic Graph for the user to review such information. 



4.13.1 Routing Table 

Click Diagnostics and click Routing Table to open the web page. 



Routing Table 

Display the information for each route. 
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Diagnostics » Routing Table » Routing Table 



Each item will be explained as follows: 


Item 

Description 

Refresh 

Renew the web page. 

Destination 

Display the destination IP address for various routings. 

Gateway 

Display the default gateway. 

Genmask 

Display the subnet mask for various routings. 

Flags 

Display the flag of the routing entry. Possible flags include: 

U (route is up) 

H (target is a host) 

G (use gateway) 

R (reinstate route for dynamic routing) 

D (dynamically installed by daemon or redirect) 

M (modified from routing daemon or redirect) 

A (installed by addrconf) 

C (cache entry) 

! (reject route) 

Metric 

Display the distance to the target (usually counted in hops). 

It may be needed by routing daemons. 

Iface 

Display the direction of such route represented with 
LANAVAN profile (starting from LAN/WAN profile to 
LAN/WAN profile). 
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IPv6 Routing Table 

Display the information for each route with IPv6 protocol. 


Diagnostics » Routing Table » IPv6 Routing Table 


Routing Table 

IPv6 Routing Table 



C Refresh 

Destination 

Next Hop 

Flags 

Metric 

If ace 




U 

256 

ethO 

> 



U 

256 

eth2 


fe&0::ffi4 


U 

256 

lan-lanl 

- 

feB0::/B4 


u 

256 

wan-wan2 


fe&0::/B4 


u 

256 

lan-lantestl 


feB0::/64 


u 

256 

wan-wanl 


feS0::/30 

feB0::25fl:1212:ff:6666 

UG 

20 

lan-lanl 


::1/12S 


U 

0 

lo 


feSO : 71 23 


U 

0 

lo 


feS0::/12S 


U 

0 

lo 


feSO : 71 23 


U 

0 

lo 


feS0::/12S 


U 

0 

lo 


feSO :71 23 


U 

0 

lo 


feS0::/12S 


u 

0 

lo 


feSO : :2 5 0 :7f f f : fef f : 33 00/... 


u 

0 

lo 


feSO : :2 5 0 :7f f f : fef f : 33 00/... 


u 

0 

lo 


feSO : :2 5 0 :7f f f : fef f : 33 00/... 


u 

0 

lo 


feSO : :2 5 0 :7f f f : fef f : 33 00/... 


u 

0 

lo 

- 


Each item will be explained as follows: 


Item 

Description 

Refresh 

Renew the web page. 

Destination 

Display the destination IP address for various routings. 

Next Hop 

Display the next hop address for such route. 

Flags 

Display the flag of the routing entry. Possible flags include: 

U (route is up) 

H (target is a host) 

G (use gateway) 

R (reinstate route for dynamic routing) 

D (dynamically installed by daemon or redirect) 

M (modified from routing daemon or redirect) 

A (installed by addrconf) 

C (cache entry) 

! (reject route) 

Metric 

Display the distance to the target (usually counted in hops). 

It may be needed by routing daemons. 

Iface 

Display the direction of such route represented with 
LANAVAN profile (starting from LAN/WAN profile to 
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LAN/WAN profile). 


4.13.2 ARP Cache Table 

Click Diagnostics and click ARP Cache Table to view the content of the ARP (Address 
Resolution Protocol) cache held in the router. The table shows a mapping between an 
Ethernet hardware address (MAC Address) and an IP address. 



ARP Cache Table 


Diagnostics » ARP Cache Table » ARP Cache Table 



ARP Cache Table IPv6 Neighbor Table 



C* Refresh Clear All 


IP Address HWType MAC Address Flags Profile Clear 

192.16S.1 .10 ether eO:cb:4e:da:4S:79 C lan-lanl 
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Each item will be explained as follows: 


Item 

Description 

Refresh 

Renew the web page. 

Clear All 

Remove all of the information from this page. 

IP Address 

Display the IP address for different ARP cache. 

HW type 

Display the hardware type of the address from RFC 826. 

MAC Address 

Display the MAC address for different ARP cache. 

Flags 

Each complete entry in the ARP cache will be marked with 
the flag of 0x2. Permanent entries are marked with 0x4 and 
published entries have the 0x8 flag. 

Profile 

Display the direction of such route represented with 
LAN/WAN profile (starting from LAN/WAN profile to 
LAN/WAN profile). 

Clear 

Delete the selected profile. 

IPv6 Neighbor Table 


Diagnostics » ARP Cache Table » IPv6 Neighbor Table 



ARP Cache Table IPv6 Neighbor Table 



^ Refresh 


IP Address Profile MAC Address Status 

Nd items to show. 





Each item will be explained as follows: 


Item 

Description 

Refresh 

Renew the web page. 

IP Address 

Display the IPv6 address of the neighbor. 

Profile 

Display the interface to which this neighbor is attached. 
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Item 

Description 

MAC Address 

Display the MAC address of the neighbor. 

Status 

Display the status for such neighbor. 

INCOMPLETE - Address resolution is in progress and the 
link-layer address of the neighbor has not yet been 
determined. 

REACHABLE - The neighbor is reachable recently (within 
tens of seconds ago). 

STALE-The neighbor is no longer to be reachable. Yet, until 
traffic is sent to the neighbor, no attempt should be made to 
verify its reachability. 

DELAY - The neighbor is no longer to be reachable, and the 
traffic has recently been sent to the neighbor. 

Rather than probe the neighbor immediately, however, delay 
sending probes for a short while in order to give upper layer 
protocols a chance to provide reachability confirmation. 

PROBE - The neighbor is no longer to be reachable, and 
unicast Neighbor Solicitation probes are being sent to verify 
reachability. 
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4.13.3 DHCP Table 


The facility provides information on IP address assignments. This information is helpful in 
diagnosing network problems, such as IP address conflicts, etc. 

Click Diagnostics and click DHCP Table to open the web page. 



Each item will be explained as follows: 


Item 

Description 

Refresh 

Renew the web page. 

IP Address 

Display the IP address of the static DHCP server. 

Start Date 

Display the starting date that DHCP server is activated. 

Start Time 

Display the starting time that DHCP server is activated. 

End Date 

Display the end date that DHCP server is closed. 

End Time 

Display the end time that DHCP server is closed. 

Mac Address 

Display the MAC address of the static DHCP server. 
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4.13.4 NAT Session Table 

This table can display about 30000 sessions with 20 pages. 



Each item will be explained as follows: 


Item 

Description 

Refresh 

Renew the web page. 

Source 

Display the source IP address and port of local PC. 

Destination 

Display the destination IP address and port of remote host. 

WAN 

Display the WAN interface used. 

Protocol 

Display the protocol of such NAT session used. 

State 

Display the actual state of the TCP connection. 

TTL 

Display how long the conntrack entry has to live. 
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4.13.5 Traffic Graph 

Click Diagnostics and click Traffic Graph to pen the web page. Specify LAN and WAN 
profiles to display corresponding graphs for CPU, Memory, LAN and WAN configurations. 
Click Refresh to renew the graph at any time. 



Each item will be explained as follows: 


Item 

Description 

Setup 

In this page, simply specify which LAN profile and WAN 
profile will be applied. The traffic graph will be drawn based 
on the profiles selected. 

Enable This Profile - Check this box to enable such profile. 
LAN - Use the drop down menu to choose a LAN profile. 
WAN -Use the drop down menu to choose a WAN profile. 

Refresh - Click it to renew the web page under the Setup 
tab. 

Apply - Click it to save the configuration configured under 
the Setup tab. 

CPU 

Click the CPU tab. 

There are three selections provided for you to specify. 

Recent 24 Hours - Display the information of CPU 
operation about recent 24 hours. 

Recent 7 Days - Display the information of CPU operation 
about recent 7 days. 

Recent 4 Weeks - Display the information of CPU 
operation about recent 4 weeks. 

Memory 

Click the Memory tab. 

There are three selections provided for you to specify. 

Recent 24 Hours - Display the information of memory 
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Item 

Description 


operation about recent 24 hours. 

Recent 7 Days - Display the information of memory 
operation about recent 7 days. 

Recent 4 Weeks - Display the information of memory 
operation about recent 4 weeks. 

LAN 

Click the LAN tab. 

There are three selections provided for you to specify. 
Network Interface - Display the information of LAN or 
WAN operation. 

Recent 24 Hours - Display the information of LAN 
operation about recent 24 hours. 

Recent 7 Days - Display the information of LAN operation 
about recent 7 days. 

Recent 4 Weeks - Display the information of LAN 
operation about recent 4 weeks. 

WAN 

Click the WAN tab. 

There are three selections provided for you to specify. 

Network Interface - Display the information of WAN or 
WAN operation. 

Recent 24 Hours - Display the information of WAN 
operation about recent 24 hours. 

Recent 7 Days - Display the information of WAN operation 
about recent 7 days. 

Recent 4 Weeks - Display the information of WAN 
operation about recent 4 weeks. 


Below show a graphic for CPU: 


Diagnostics » Traffic Graph » CPU 
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4.13.6 Web Console 


Click Diagnostics and click Web Console to pen the web page for typing commands used in 
console connection. A remote user can operate Vigor2960 from this web page without 
installing and opening other connection utility. 

- -U-•_' [ JLLLp.^i!J.^.iDQ.i ■ ii > WSDSJiSll/ 

login: 


4.13.7 Ping/Trace Route 

This page allows you to trace the routes from router to the host. Simply type the IP address 
of the host in the box and click Run. The result of route trace will be shown on the screen. 



Each item will be explained as follows: 


Item 

Description 

Ping / TraceRoute 

Click Ping to perform ping function. 

Click TraceRoute to invoke trace router function. 

Host 

Type the IP address of the host. 

Interface 

Choose one of the LAN or WAN profile to be applied by 
such function. 

Start 

Click it to start the action of Ping or Trace Route. 

Stop 

Click it to terminate the action of Ping or Trace Route. 
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4.13.8 Data Flow Monitor 


This page displays the running procedure (such as IP address, session number, transmission 
rate, receiving rate, and duration of the time block) by list or by chart for the IP address 
monitored and refreshes the data in an interval of several seconds. 



Each item will be explained as follows: 


Item 

Enable Dataflow 
Monitor 

Refresh 

Chart 


Description 

Check this box to enable such function. 


Click it to renew the web page. 

Click this button to illustrate data chart. Refer to the 
following figure as an example. 



Block 


UnBlock 


Recent 5 Minutes/ 
Recent 24 Hours 

Auto Refresh 


Prevent the specified PC accessing into Internet within 5 
minutes. 

Allow the specified PC accessing into Internet within 5 
minutes. 

Display the records with 5 minutes/24 hours recently. 


Specify the interval of refresh time to obtain the latest status. 
The information will update immediately when the Refresh 
button is clicked. 
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Item 

Description 

IP Address 

Display the IP address of the monitored device. 

TX rate (Kbps) 

Display the transmission speed of the monitored device. 

RX rate (Kbps) 

Display the receiving speed of the monitored device. 

Sessions 

Display the session number that you specified in Limit 

Session web page. 

Block Time 

Display the time for the duration of the block. 


4.14 External Devices 

Vigor router can be used to connect with many types of external devices. In order to control 
or manage the external devices conveniently, open External Devices to make detailed 
configuration. 



Each item will be explained as follows: 


Item 

Description 

Enable External Devices 

Check the box to detect the external device connected to 
Vigor2960. 

Refresh 

Click it to renew the web page. 

Status 

Display current status (online or offline) of the device. 

Model Name 

Display the model name of the external product. 

IP Address 

Display the IP address of the external product. 

Connection Time 

Display the connection time that the external product 
connecting to Vigor2960. 

Clear 

Click the icon to remove the record of the device 

when it is offline. 
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After checking the box of Enable External Devices, click Refresh. Later, the basic 
information of available devices will be displayed in this pag. 


4.15 Product Registration 

Please refer to section 2.3 Register Vigor Router for more detailed information. 
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Chapter 5: Trouble Shooting 


This section will guide you to solve abnormal situations if you cannot access into the Internet 
after installing the router and finishing the web configuration. Please follow sections below 
to check your basic installation status stage by stage. 

• Checking if the hardware status is OK or not. 

• Checking if the network connection settings on your computer are OK or not. 

• Pinging the router from your computer. 

• Checking if the ISP settings are OK or not. 

• Backing to factory default setting if necessary. 

If all above stages are done and the router still cannot run normally, it is the time for you to 
contact your dealer for advanced help. 


5.1 Checking If the Hardware Status Is OK or Not 

Follow the steps below to verify the hardware status. 

1. Check if the power line and WLAN/LAN cable connections is OK. 

If not, refer to “1.3 Hardware Installation” for reconnection. 

2. Turn on the router. Make sure the ACT LED blink once per second and the 
correspondent LAN LED is bright. 




LNK 1000 LNK 1000 LNK 1000 LNK 1000 LNK 1000 LNK 

rnn nmr 

GigaLAN ► 1 2 3 (SFP1) GigaWAN ► 1 2 3 


3. If not, it means that there is something wrong with the hardware status. Simply back to 
“1.3 Hardware Installation” to execute the hardware installation again. And then, try 
again. 
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5.2 Checking If the Network Connection Settings on Your 
Computer Is OK or Not 

Sometimes the link failure occurs due to the wrong network connection settings. After trying 
the above section, if the link is stilled failed, please do the steps listed below to make sure 
the network connection settings is OK. 


For Windows 


The example is based on Windows XP. As to the examples for other operation 
systems, please refer to the similar steps or find support notes in 

www.draytek.com. 


1. Go to Control Panel and then double-click on Network Connections. 



Network Connection: 


2. Right-click on Local Area Connection and click on Properties. 


Disable 

Status 

Repair 

Bridge Connections 

Create Shortcut 

Delete 

Rename 


Properties 



3. Select Internet Protocol (TCP/IP) and then click Properties. 
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4. Select Obtain an IP address automatically and Obtain DNS server address 
automatically. 



For Mac OS 

1. Double click on the current used Mac OS on the desktop. 

2. Open the Application folder and get into Network. 

3. On the Network screen, select Using DHCP from the drop down list of Configure 
IPv4. 
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5.3 Pinging the Router from Your Computer 

The default gateway IP address of the router is 192.168.1.1. For some reason, you might 
need to use “ping” command to check the link status of the router. The most important 
thing is that the computer will receive a reply from 192.168.1.1. If not, please check the 
IP address of your computer. We suggest you setting the network connection as get IP 
automatically. (Please refer to the section 5.2) 

Please follow the steps below to ping the router correctly. 

For Windows 

1. Open the Command Prompt window (from Start menu> Run). 

2. Type command (for Windows 95/98/ME) or cmd (for Windows NT/ 2000/XP/Vista). 
The DOS command dialog will appear. 



3. Type ping 192.168.1.1 and press [Enter]. If the link is OK, the line of “Reply from 
192.168.1.1 :bytes=32 time<lms TTL=255” will appear. 

4. If the line does not appear, please check the IP address setting of your computer. 

For Mac OS (Terminal) 

1. Double click on the current used Mac OS on the desktop. 

2. Open the Application folder and get into Utilities. 

3. Double click Terminal. The Terminal window will appear. 

4. Type ping 192.168.1.1 and press [Enter]. If the link is OK, the line of “64 bytes from 
192.168.1.1: icmp_seq=0 ttl=255 time=xxxx ms” will appear. 


DrayTek 


276 


Vigor2960 Series User’s Guide 





0 0 0 Terminal — bash — 80x24 

Last login: Sat Gan 3 02:24:18 on ttypi § 

Welcome to Darwin! 

Vigor10:- draytek$ ping 192.168.1.1 

PING 192.168.1.1 (192.168.1.1): 56 data bytes 

64 bytes from 192.168.1.1: icmp_seq=0 tt1=255 time=0.755 ms 

64 bytes from 192.168.1.1: icmp_seq=l tt1=255 time=0.697 ms 

64 bytes from 192.168.1.1: icmp_seq=2 tt1=255 time=0.716 ms 

64 bytes from 192.168.1.1: icmp_seq=3 tt 1=255 time=0.731 ms 

64 bytes from 192.168.1.1: icmp_seq=4 tt1=255 time=0.72 ms 

AC 

— 192.168.1.1 ping statistics — 

5 packets transmitted, 5 packets received, 0% packet loss 
round-trip min/avg/max = 0.697/0.723/0.755 ms 
Vigor10:- draytek$ | 


5.4 Checking If the ISP Settings are OK or Not 

Open Online Status to check current network status. Be careful to check if the settings 
coming from your ISP have been typed correctly or not. 


Refresh 


I 



Device Information 

Model : Vigor2960 


Hardware 
Firmware : 
Build Date 
Reversion 


1.0 

1.0.5RC7 
2011-12-07 16:56:33 
2849 


System Information 

CPU Usage : 8% 

Memory Usage : 19 % 

System Up Time : 0 days 1:7:32 

Current System Time : Sat Jan 1 09:07:30 UTC 2011 
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If there is something wrong with the configuration, please go to WAN page and choose 
General Setup again to modify the WAN connection. 



5.5 Backing to Factory Default Setting If Necessary 


Sometimes, a wrong connection can be improved by returning to the default settings. Try to 
reset the router by software or hardware. 


s 


Warning: After pressing factory default setting, you will lose all settings you did 
before. Make sure you have recorded all useful settings before you pressing. The 
password of the factory default is null. 


Software Reset 


You can reset router to factory default via Web page. 


Go to System Maintenance» Reboot System on the web page. The following screen will 
appear. Choose the selection you need and click Reboot After few seconds, the router will 
return all the settings to the factory settings. 


System Maintenance » Reboot System » Reboot System 


Reboot System 

0 Reboot with Current Configurations 
Reboot Option : 0 Re bo ot with Facto ry Defa i lit Co nfi gju rati oi i s 

0 Reboot with Customized Confiyrn ations 



^ Reboot 
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Hardware Reset 


While the router is running (ACT LED blinking), press the Factory Reset button and hold 
for more than 5 seconds. When you see the ACT LED blinks rapidly, please release the 
button. Then, the router will restart with the default configuration. 



After restore the factory default setting, you can configure the settings for the router again to 
fit your personal request. 


5.6 Contacting Your Dealer 

If the router settings are correct at all, and the router still does not connect to internet, please 
contact your ISP technical support representative to help you for configuration. 

Also, if the router still cannot work correctly, please contact your dealer for help. For any 
further questions, please send e-mail to support@dravtek.com . 
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